Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site cyb-eng.UUCP
Path: utzoo!watmath!clyde!bonnie!akgua!whuxlm!harpo!decvax!genrad!panda!talcott!harvard!seismo!ut-sally!oakhill!cyb-eng!bc
From: bc@cyb-eng.UUCP (Bill Crews)
Newsgroups: net.micro.pc
Subject: Re: MS-DOS cd command and security issues
Message-ID: <577@cyb-eng.UUCP>
Date: Wed, 19-Jun-85 17:54:46 EDT
Article-I.D.: cyb-eng.577
Posted: Wed Jun 19 17:54:46 1985
Date-Received: Sun, 23-Jun-85 01:29:07 EDT
References: <2160@mhuxd.UUCP> <25@ucbmiro.ARPA> <1478@ecsvax.UUCP> <1103@ihuxw.UUCP>
Organization: Cyb Systems, Austin, TX
Lines: 21

> Adding resident programs to trap unauthorized activities is fine, but be
> sure that a new shell cannot be executed which would not have those
> resident programs. That is, saying, "command" should not result in
> executing the standard command.com. This implies changing command.com,
> or removing it from the path. If it is merely removed from the PATH, then
> the PATH variable should not be changeable.

The suggested method of "trapping" involves intercepting execution as DOS
itself (the "kernel", if you will) is being accessed. Therefore, another
COMMAND.COM or any other application will be a slave to its actions. Of
course, it would still be possible for someone to write a program to seek
out the new vectors and reinstall the DOS kernel vectors, but limits to
security will always exist.
--
  / \    Bill Crews
 ( bc )  Cyb Systems, Inc
  \__/   Austin, Texas

[ gatech | ihnp4 | nbires | seismo | ucb-vax ] ! ut-sally ! cyb-eng ! bc