Xref: utzoo comp.unix.internals:2828 alt.security:2557
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.internals,alt.security
Subject: Re: BSD tty security, part 3: How to Fix It
Summary: Not everything has an "out of band channel"
Message-ID: <19306@rpp386.cactus.org>
Date: 17 May 91 12:43:53 GMT
References: <19270@rpp386.cactus.org> <25833:May1416:43:4291@kramden.acf.nyu.edu> <3136@cirrusl.UUCP>
Organization: River Parishes Programming, Austin TX
Lines: 36

In article <3136@cirrusl.UUCP>, dhesi%cirrusl@oliveb.ATC.olivetti.com (Rahul Dhesi) writes:
> In <19281@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes:
> 
> >Can I change my baud rate while waiting for the SAK sequence?  Of
> >course there's a need to turn off the SAK key - how long is a UUCP
> >packet this week?
> 
> A secure attention key sequence, to be secure, must use an out-of-band
> channel.  As an analogous example, the DTR line to a modem is
> out-of-band and cannot be defeated no matter what you send on the data
> lines.

Yes.  Not everything has an out of band channel to send a SAK sequence
along on.  For example, what would you use as the SAK sequence on a 3
wire dumb ASCII terminal that is hardwired to a port switch that is
used by any number of other terminals with various baud rates and
keyboards?  There are no spare lines to dork with.  Send a break?  Do
all dumb ASCII keyboards include a BREAK key?  It can't be defeated,
but no every keyboard has one.  Waving "SAK" in front of the problem
does not make the issue of authenticating the login process to you any
more secure.  The issue I keep trying to raise is that it is nice if
both the computer and the user clean the line.  Dan assures us that
for a properly started login process (which he can't guarantee the
user is going to press SAK to start) we get a clean line.  I say,
remove the dependency on the user pressing SAK to start with - let
the system clean the line off itself.  If the user wants to clean the
line, let her nail the SAK key and kill any trojans lurking in the
wings.  If a system application (for example, passwd) wants to make
certain it is talking directly to the authenticated user, let it
execute some revoke() process which kills off all untrusted (non-TCB)
applications using that port (or some other grotesque action).
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) |  Domain: jfh@rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
 rest of the Constitution, gun ownership would be mandatory."