Finding Passwords
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Tue Oct 9 20:27:31 AEST 1990
In article <1849 at necisa.ho.necisa.oz> boyd at necisa.ho.necisa.oz (Boyd Roberts) writes:
> The semantics are always wrong and your 20 line `hack' may well turn out
> to be a serious problem. Think about the problem. Solve the problem.
> Code the algorithm. Because it's simple and `cheap' doesn't mean it's right.
Good advice...
The problem is to always be able to cut off any middlemen, specifically
on a physical tty (really modem) line.
There's no good way under UNIX to enforce new access permissions on an
object. Once a program is talking to the tty, it has it, forever. Rather
than kludging a wimpy vhan---uh, rather than half-as---uh, let's assume
that there's no way to get around this.
This means that the processes can't be talking to the modem device
directly. There has to be an extra level of indirection. Processes are
grouped within a ``session,'' which may or may not be associated with a
``connection'' to the outside world. The connection between the session
and the modem is controlled by a system program, which drops the
connection when it receives a BREAK.
That's it! The Trojan Horse problem is basically solved.
For full details on how this might be made to work in practice, read
Steve Bellovin's excellent session management paper, available from
inet.att.com as dist/sessext.ps. If you want a real, working BSD program
that implements these security features right now, just ... whoops,
promised myself I wouldn't mention it this time. [grin]
---Dan
More information about the Comp.unix.internals
mailing list