Path: utzoo!attcan!uunet!husc6!rutgers!bellcore!tness7!texbell!sugar!karl From: karl@sugar.uu.net (Karl Lehenbauer) Newsgroups: comp.sys.amiga Subject: Re: The ultimate fix!!! Message-ID: <2797@sugar.uu.net> Date: 12 Oct 88 13:25:51 GMT References: <8810092209.AA09182@cory.Berkeley.EDU> <2791@sugar.uu.net> <12737@oberon.USC.EDU> Organization: Sugar Land Unix - Houston, TX Lines: 49 In article <12737@oberon.USC.EDU>, papa@pollux.usc.edu (Marco Papa) writes: > Anyway, before speaking again why don't you do your research? Et tu, Marco? I asked for clarification to a remark calling my statement absurd without any specifics. It was NOT insistence that it was correct. >Read about ANSI > terminals and what "magic" things one can do with them. At least pick up > one of the last issues of CACM and read how safe are UNIX systemes like mail, > uucp, emacs and NFS. I am well aware of the abilities of *some* terminals to transmit data in response to certain escape codes and the ramifications thereof. I have a trap in my home directory at work that causes a cute program to run if someone cats the file. (We all have the same kind of terminals) What kind of terminal do I have? Your virus will need to know that -- already arbitrarily limiting the systems it can run on. In other words, your virus will not be nearly as universal to all Unix systems as an Amiga virus is to all Amigas. I saw the emacs problem in comp.risks. We don't have emacs here. I guess this system and hundreds of thounsands of other unix systems are invulnerable to malicious code propagating itself in this manner. Does the mail bug rely on transmitting escape sequences to the terminal or being read into emacs? My mailer maps unprintable characters and most others I'm aware of do as well -- hope it's more than that. uucp, huh? Are we talking security holes or places for virii to propagage? This is pretty far afield from my caveat-laden remark that it is somewhat safer to run unknown programs from a guest signon, which started this whole thing. NFS: I don't use it -- guess my unix system and hundreds of thousands of others are invulnerable to malicious NFS code. You at least give examples, but they are far from as universally contagious as ones targeting specific unprotected machines. Heck, in my original posting I said "No system is secure" and "even if you have the source code you can't be sure a program isn't malicious" -- hardly ignorant knee-jerk opinions and ones I think you strongly agree with. I'll look for the CACM articles you mention. Again, my message wasn't to repeat my "ignorance," it was to ask for specifics, thus I didn't propound ignorance by speaking twice, so I find your remarks that I spoke twice in ignorance to be incorrect, demeaning and offensive. -- -- "We've been following your progress with considerable interest, not to say -- contempt." -- Zaphod Beeblebrox IV -- uunet!sugar!karl, Unix BBS (713) 438-5018