Trojan horses in mail text
John B. Nagle
jbn at glacier.STANFORD.EDU
Thu Dec 15 11:56:10 AEST 1988
Today:
Mail that makes "vi" do interesting things.
Mail that makes "emacs" do interesting things.
Tomorrow:
Mail that makes Display Postscript do interesting things.
Mail that makes "intelligent agents" do interesting things.
Mail that makes fax machines do interesting things.
This is going to get worse before it gets better, and the heavy thinkers
in the field had better start thinking about it. We don't even have
a good theoretical basis for thinking about these problems yet. Grace
Nibaldi's Orange Book is no help here. Even capabilities aren't too
much help. Biba's integrity model provides a possible holding action,
but it's too restrictive for most users.
The basic problem is that everything processed by anything with any
smarts is potentially a program. If every user's program has all the
privileges of that user, every program that processes data derived from
data originating in the outside world is potentially an entry point for
a Trojan horse.
John Nagle
More information about the Comp.unix.wizards
mailing list