Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!ut-emx!chrisj
From: chrisj@ut-emx.UUCP (Chris Johnson)
Newsgroups: comp.sys.mac
Subject: Re: I'm not sure I believe this. (was Re: New WDEF Virus)
Message-ID: <22320@ut-emx.UUCP>
Date: 13 Dec 89 19:53:46 GMT
References: <1989Dec12.044029.19171@eng.umd.edu> <3277@hub.UUCP> <1501@rodan.acs.syr.edu> <4221@sbcs.sunysb.edu> <4227@sbcs.sunysb.edu>
Reply-To: chrisj@emx.UUCP (Chris Johnson)
Organization: U.T. Austin Computation Center
Lines: 50

In article <4227@sbcs.sunysb.edu> vallon@sbmiclr.cs.sunysb.edu (Justin Vallon) writes:
>My original suggesstion was to have a new privilidge for "Code"-containing
>resources, and "Safe" resources.  This way, we could give almost everybody
>"Safe" privilidges without worrying, and "Code" resources to only certain
>programs (F/DA Mover, Compilers, ResEdit, etc).

That's exactly what the existing privilege scheme does.

>I have a question.  Does GateKeeper only intercept calls to resource
>modifications of code-containing resources, or all resources?  If GateKeeper
>only traps code-containing resource modifications, then why is it necessary
>to give the Finder Res/Other privilidges?  I was under the impression that
>GateKeeper traps all resource modifications, hence the necessity for Res/
>Other privilidges for the Finder.

Gatekeeper will only consider interfering with attemtps to modify executable
resources.  By definition, all other resources are harmless.

By the way, it is *NOT* necessary to give the Finder Res(Other) privileges.
The Finder needs File(Other) privileges which are a totally different issue.
Every version of Gatekeeper has included a list of required privileges, and
the Finder has always been listed as requiring *only* File(Other) privileges.
It has never been listed as requiring anything more.  Version 1.1.1 even
comes preconfigured, and, again the Finder gets File(Other) and nothing else.

This is important because giving the Finder Res(Other) privileges opens up
a big doorway to viruses that would otherwise be stopped effortlessly.

>Unfortunately, I don't think the documentation gives any indication about
>(a) whether it traps all resources, or (b) if not all, then the ones that
>it does trap.

>-Justin
>vallon@sbcs.sunysb.edu

The documentation discusses this and even tells you how to edit the resource
type tables that Gatekeeper uses to distinguish the different types of 
resources, e.g. executable resources vs. solely virus related resources.
Refer to the on-line help in the Advanced Configuration section.

I don't talk about other aspects of Gatekeeper's security system because
I want would-be virus authors to waste lots of their time trying to figure
out all those details for themselves.  Beyond that, it would just intimidate
most users trying to understand the product, without improving doing anything
to improve their understanding of the product.

Cheers,
----Chris (Johnson)
----Author of Gatekeeper
----chrisj@emx.utexas.edu