Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!seismo!gatech!akgua!codas!peora!ucf-cs!novavax!houligan!dave@murphy.UUCP
From: dave@murphy.UUCP (H. Munster)
Newsgroups: net.unix,net.unix-wizards
Subject: Re: slaying Gould dragon with a wooden horse
Message-ID: <157@houligan.UUCP>
Date: Wed, 5-Nov-86 12:09:24 EST
Article-I.D.: houligan.157
Posted: Wed Nov 5 12:09:24 1986
Date-Received: Sat, 8-Nov-86 03:39:40 EST
Organization: Gould Electronics, Ft. Lauderdale, Florida.
Lines: 50
Xref: watmath net.unix:9849 net.unix-wizards:20330

(This is a specific disclaimer: the opinions expressed in the material below are specifically mine. I do not claim to speak in any official capacity for Gould or any department or division of Gould. PLEASE don't fire me...please?)

Hmmm...the UTX people up in Urbana read unix-wizards too. I'm sure that they've already seen Darryl's posting, and will fix the searchpath problem sometime soon (but don't ask me when; I'm not associated with them).

Was the approach "legitimate"? Welllll... I'm not sure about the rules of the contest, but in real life, anything that works is legitimate, and obviously Darryl's approach worked. However, it seems to me that Darryl took advantage of two security holes, and only one of them was in the system. The security holes are: (1) the faulty searchpath with the current directory first, and (2) the naive system administrator, who consented to log in as superuser on the user's behalf and poke around in the user's directory. In the real world of government-classified computer installations (which is what Secure UTX is targeted for), you probably would not have gotten such cooperation from the system admin.

Any system, no matter how secure it is designed to be, is only as secure as the people who run it make it. If the searchpath problem was fixed, Darryl could still have gotten in by creating a Trojan-horse program in his directory and convincing the superuser to run it. (An old student approach: "I'm getting a weird error out of this homework program; could you please run it and tell me what you think is wrong?"). This would have worked just as well, and there is *no system on the market* that can stop this type of attack...because the thing being taken advantage of isn't the system, it's the system administrator.

This is not to knock Darryl's approach, which was clever and devastatingly simple. But he could have broken the system just as easily by watching the administrator type in the superuser password, and then logging in as superuser himself. This is just to point out that a system is only as good as its administrators. (And you can bet that the next time we run such a contest, the person running the machine will be more careful!)

---
It's been said by many a wise philosopher that when you die and your soul goes to its final resting place, it has to make a connection in Atlanta.

Dave Cornutt, Gould Computer Systems, Ft. Lauderdale, FL
UUCP: ...{sun,pur-ee,brl-bmd}!gould!dcornutt
or ...!ucf-cs!novavax!houligan!dcornutt
ARPA: wait a minute, I've almost got it...

"The opinions expressed herein are not necessarily those of my employer, not necessarily mine, and probably not necessary."
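
The first hole the post names, a search path with the current directory ahead of the system directories, can be checked for mechanically. The script below is an added example, not part of the original post; the function name `audit_path` and the sample path are constructed, and the world-writable check goes beyond the case the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): audit a command search path.
# Prints one line per risky entry; exit status is 0 only if none were found.
audit_path() (
    rest=$1 pos=0 bad=0
    while :; do
        # Split by hand so empty entries (leading, trailing or doubled
        # colons) are kept: the shell treats them as the current directory.
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        pos=$((pos + 1))
        case $entry in
            '') echo "$pos: empty entry, searched as the current directory"
                bad=$((bad + 1)) ;;
            .)  echo "$pos: '.', the current directory"
                bad=$((bad + 1)) ;;
            /*) # Absolute entry: still unsafe if any user can write to it.
                if [ -d "$entry" ]; then
                    case $(ls -ldL "$entry") in
                        d???????w*)
                            echo "$pos: $entry is world-writable"
                            bad=$((bad + 1)) ;;
                    esac
                fi ;;
            *)  echo "$pos: relative entry '$entry', depends on the current directory"
                bad=$((bad + 1)) ;;
        esac
        if [ "$more" -eq 0 ]; then break; fi
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: '.' first, as in the search path the post describes.
audit_path ".:/usr/local/bin:/usr/bin::/bin" || true
```

Running it against root's own `$PATH` covers only the first hole; as the post says, no search-path setting helps once the superuser agrees to run a program out of a user's directory.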