Xref: utzoo comp.unix.wizards:25687 alt.security:2582
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <19317@rpp386.cactus.org>
Date: 20 May 91 13:47:53 GMT
References: <19309@rpp386.cactus.org> <23893:May1901:19:2191@kramden.acf.nyu.edu> <19313@rpp386.cactus.org> <3690:May1921:22:5191@kramden.acf.nyu.edu>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cat Emporium and BBQ Grill
Lines: 20
X-Clever-Slogan: Help Prevent Robbery.  Tax the IRS.

In article <3690:May1921:22:5191@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>Can you please stop repeating the same stupid little question? If you
>can't understand Bellovin's explanations or my explanations or the
>series of diagrams above, I give up.

No.  Not until you figure out that I don't care about the TTY line
and I don't care about what happens before the user logs in.  What
happens to a trojan horse that gains access to the =PTY= =AFTER=
the user logs in?  The purpose (go read the Orange Book if you
don't believe me) of Trusted Path and SAK and so on is to insure
positive TCB to User (and vice versa) communication.  If you change
the point of attack from the hardwired tty port to the PTY device
and don't make it any more difficult to violate, all you've done
is moved the problem.  You diagram completely and totally misses
the point.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) |  Domain: jfh@rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
 rest of the Constitution, gun ownership would be mandatory."