From: c552408@monad.missouri.edu  (Cedric Tefft)
Newsgroups: alt.security.pgp
Subject: Re: SECDEV 1.3 problem
Date: 19 Aug 1994 22:09:00 GMT

Yikes!  Can we say multiple posting!!?  Sorry about that folks, my network  
hiccupped.  Anyway, after a little more experimenting, a few helpful  
suggestions, and a bleary-eyed staredown with the source code, I've determined  
the following bugs (bug-like features?) in SECDEV 1.3 (that's DEV as in Secure  
DEVICE, not Secure DRIVE) that some of you might want to take note of:

1) The documentation states that the secure volume file must be in the root  
directory, but does not state explicitly that the filespec for the volume MUST  
include the full path (including drive) in the config.sys statement.  For  
example, the following would be valid:

DEVICE=C:\SECDEV\SECDEV.SYS C:\SDVOL1.###

while NONE of the following are valid:

DEVICE=C:\SECDEV\SECDEV.SYS SDVOL1.###
DEVICE=C:\SECDEV\SECDEV.SYS \SDVOL1.###
DEVICE=C:\SECDEV\SECDEV.SYS C:SDVOL1.###

What's misleading is that if you do get the format wrong, you get an 'Invalid  
file Filename' or 'Invalid Drive letter' error.

2) If you try to mount a nonexistant volume, SECDEV does not complain at all!   
In fact, it gives the standard 'C:\NONFILE.DAT added as drive X:' message.

LOGIN will let you login as usual, but a General Failure results when trying to 
access the drive.

Thanks for the suggestions folks.

--
/---------------------------------------------------------------------\
| Cedric Tefft                   ||  UC's shall NOT under ANY circum- |
| User Consultant                ||  stances answer the following:    |
| Campus Computing - UMC         ||  "I can't, like, ya' know get my  |
| C552408@MONAD.MIZZOURI.EDU     ||   thing to work."                 |
\---------------------------------------------------------------------/


.