slaying Gould dragon with a wooden horse
Robert Reed
bobr at zeus.UUCP
Sat Nov 8 06:24:48 AEST 1986
In <157 at houligan.UUCP> Dave Cornutt writes:
Any system, no matter how secure it is designed to be, is only as secure
as the people who run it make it. If the searchpath problem was fixed,
Darryl still have gotten in by creating a Trojan-horse program in his
directory and convincing the superuser to run it. (An old student
approach: "I'm getting a wierd error out of this homework program; could
you please run it and tell me what you think is wrong?"). This would
have worked just as well, and there is *no system on the market* that
can stop this type of attack...because the thing being taken advantage
of isn't the system, it's the system administrator.
Maybe yes, maybe no. It is certainly true in either case that the sys-admin
was duped, but in Darryl's trojan horse scheme, he was relying on the
coincidence of two conditions:
1. That the search path tried the current working directory first.
2. That the system administrator would think nothing of using standard
utilities while running as root in that directory.
It is one thing to build a trojan horse behind, say, ls; one that does its
dirty deed and then execs the real ls. It's quite another to convince an
administrator to run a user program WHILE IN A PRIVILEDGED ACCOUNT. It's
certainly possible to do it, especially with a novice admin, just as it is
possible to take advantage of one who leaves terminals logged into root. I
know I would have real qualms about executing someone's xyz program while
running as root. But I might not even think about running ls, cat, more, or
emacs.
--
Robert Reed, Tektronix CAE Systems Division, bobr at zeus.TEK
More information about the Comp.unix.questions
mailing list