Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <3346:Sep2422:01:3090@kramden.acf.nyu.edu>
Date: 24 Sep 90 22:01:30 GMT
References: <LUSH.90Sep21083625@athena0.EE.MsState.Edu> <50845@brunix.UUCP> <4086@auspex.auspex.com>
Organization: IR
Lines: 18

In article <4086@auspex.auspex.com> guy@auspex.auspex.com (Guy Harris) writes:
> >and switch to plain "login:" if an incorrect password is entered.  This
> >disables login trojans by making them unconcealable.
> Err, what's to stop the trojan horse program from exhibiting the same
> behavior as "getty" (which issues the first prompt indicated above) and
> "login" (which issues the subsequent ones)?

And what if it imitates getty and login in all respects? After all,
there's no reason it can't check your password for you and then log in
as you if you provide the right password. And what if, to be somewhat
more subtle, it simply intercepts all the I/O and connects you to a
telnetd or login on a pseudo-tty?

You cannot reliably *detect* a Trojan Horse unless you can reliably
*avoid* a Trojan horse. That's why the system has to provide a trusted
path.

---Dan