Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!sun-barr!lll-winken!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: CHESS@YKTVMV.BITNET (David.M.Chess)
Newsgroups: comp.virus
Subject: Unix viruses and damaging programs (UNIX)
Message-ID: <0002.9104081309.AA03138@ubu.cert.sei.cmu.edu>
Date: 5 Apr 91 15:39:41 GMT
Sender: Virus Discussion List
Lines: 37
Approved: krvw@sei.cmu.edu

vancleef@iastate.edu (Van Cleef Henry H):
> I have been asked to consider the possibility of virus, trojan horse,
> etc. attacks on a distributed Unix fileserver system...
>
> My study begins with some assumptions, which I should state here...
>
> b. That all "security" to read and write as a superuser has already
> been breached and that this breach has gone undetected.
>
> c. That one workstation with a bootable hard disk is accessible to the
> individual planning to damage the system...

Those are fine assumptions if you only want to worry about traditional sorts of attacks (Bad Guy breaking into your system and doing Bad Things by typing at his terminal/workstation). But if you also want to worry about the new sorts of risks that come with viruses, you should make assumptions that are more like:

< b'. That, although the technical security of the system may be intact
< and unbreached, there may be program-sharing patterns that would
< allow a spreading virus to get from an "exposed" user to one with
< superuser authority, through innocent actions of authorized users.
<
< c'. That, rather than a single individual actively attempting to do
< damage on your system, there may be viruses in the outside world
< that could inadvertently be brought into the organization through
< the innocent actions of authorized users importing programs.
The new dangers that viruses add are that they can cause an "attacker's" code to run with privileges on your system even if your system's security is unbreached, no passwords have been guessed, everyone with access to your system is well-intentioned, and the attacker has in fact never touched a workstation attached to your system (he may never even have *heard* of your system). DC
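The program-sharing risk in assumption b' can be checked mechanically. The following is an added example, not code from the original post: it models who runs whose programs as a directed graph and asks whether a virus entering through an "exposed" user could reach a superuser with no security breach at all. The user names, sharing edges and roles are constructed for illustration.

```python
# Added example, not part of the original post: a small model of the b' risk.
# An edge (author, executor) means executor runs programs that author owns or
# can modify, so a virus in author's programs can spread to executor.
# All users, edges and roles below are constructed sample data.
from collections import deque

# Constructed sharing relationships: (author/owner, executor).
SHARING = [
    ("guest_acct", "alice"),   # alice runs a tool kept in a guest account
    ("alice", "bob"),          # bob runs alice's shell scripts
    ("bob", "ops_admin"),      # the admin runs bob's build helper
    ("carol", "dave"),         # isolated pair, no path to root
]
EXPOSED = {"guest_acct", "carol"}      # users who import outside programs
SUPERUSERS = {"ops_admin"}             # users who run programs as root

def build_graph(sharing):
    graph = {}
    for author, executor in sharing:
        graph.setdefault(author, []).append(executor)
        graph.setdefault(executor, [])
    return graph

def infection_path(graph, source, targets):
    """BFS from source; return the first sharing path reaching a target, or None."""
    parent = {source: None}
    queue = deque([source])
    while queue:
        user = queue.popleft()
        if user in targets:
            path = []
            while user is not None:
                path.append(user)
                user = parent[user]
            return path[::-1]
        for nxt in graph.get(user, []):
            if nxt not in parent:
                parent[nxt] = user
                queue.append(nxt)
    return None

def superuser_exposure(sharing, exposed, superusers):
    """Map each exposed user to a sharing path that reaches a superuser."""
    graph = build_graph(sharing)
    return {u: p for u in sorted(exposed)
            if (p := infection_path(graph, u, superusers)) is not None}

if __name__ == "__main__":
    for user, path in superuser_exposure(SHARING, EXPOSED, SUPERUSERS).items():
        print(f"{user} can reach root via: " + " -> ".join(path))
```

Each reported path is a chain of innocent actions by authorized users; breaking any one link (for example, the admin not running other users' programs as root) removes that exposure.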