slaying Gould dragon with a wooden horse

H. Munster dave at murphy.UUCP
Thu Nov 6 03:09:24 AEST 1986


(This is a specific disclaimer: the opinions expressed in the material
below are specifically mine.  I do not claim to speak in any official
capacity for Gould or any department or division of Gould.  PLEASE don't
fire me...please?)

Hmmm...the UTX people up in Urbana read unix-wizards too.  I'm sure that
they've already seen Darryl's posting, and will fix the searchpath problem
sometime soon (but don't ask me when; I'm not associated with them).
Was the approach "legitimate"?  Welllll... I'm not sure about the rules
of the contest, but in real life, anything that works is legitimate, and
obviously Darryl's approach worked.

However, it seems to me that Darryl took advantage of two security holes,
and only one of them was in the system.  The security holes are:
(1) the faulty searchpath with the current directory first, and (2)
the naive system administrator, who consented to log in as superuser on the
user's behalf and poke around in the user's directory.  In the real
world of government-classified computer installations (which is what
Secure UTX is targeted for), you probably would have not gotten such
cooperation from the system admin.

Any system, no matter how secure it is designed to be, is only as secure
as the people who run it make it.  If the searchpath problem was fixed,
Darryl could still have gotten in by creating a Trojan-horse program in his
directory and convincing the superuser to run it.  (An old student
approach: "I'm getting a weird error out of this homework program; could
you please run it and tell me what you think is wrong?").  This would
have worked just as well, and there is *no system on the market* that
can stop this type of attack...because the thing being taken advantage of
isn't the system, it's the system administrator.

This is not to knock Darryl's approach, which was clever and devastatingly
simple.  But he could have broken the system just as easily by watching
the administrator type in the superuser password, and then logging in as
superuser himself.  This is just to point out that a system is only as good
as its administrators.

(And you can bet that the next time we run such a contest, the person running
the machine will be more careful!)
---
It's been said by many a wise philosopher that when you die and your soul
goes to its final resting place, it has to make a connection in Atlanta.

Dave Cornutt, Gould Computer Systems, Ft. Lauderdale, FL
UUCP:  ...{sun,pur-ee,brl-bmd}!gould!dcornutt
 or ...!ucf-cs!novavax!houligan!dcornutt
ARPA: wait a minute, I've almost got it...

"The opinions expressed herein are not necessarily those of my employer,
not necessarily mine, and probably not necessary."
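
[Added example, not part of the original post: a check for the first hole named above, a search path that resolves against the current directory. It goes one step beyond the post by also flagging world-writable path directories, which allow the same kind of planted program. The function name audit_path and its output format are hypothetical.]

```shell
#!/bin/sh
# Added example (not from the original post): audit a search path string
# for components that resolve against the current directory.
# audit_path and its "RISK" output format are hypothetical names.

audit_path() {
    ap_rest="$1:"   # trailing ':' so the final component is consumed too
    ap_pos=0
    ap_bad=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}    # text before the first ':'
        ap_rest=${ap_rest#*:}      # everything after the first ':'
        ap_pos=$((ap_pos + 1))
        case "$ap_entry" in
            "")
                # A leading, trailing or doubled ':' is an empty component,
                # which the shell treats as the current directory.
                echo "RISK entry $ap_pos: empty component (current directory)"
                ap_bad=1 ;;
            /*)
                # Absolute path: flag it only if any user can write to it.
                # The "/." suffix makes find test the directory itself even
                # when the entry is a symlink.
                if [ -d "$ap_entry" ] &&
                   [ -n "$(find "$ap_entry/." -prune -perm -0002 -print 2>/dev/null)" ]
                then
                    echo "RISK entry $ap_pos: $ap_entry is world-writable"
                    ap_bad=1
                fi ;;
            *)
                # ".", "bin", "../tools": all depend on where you are standing.
                echo "RISK entry $ap_pos: '$ap_entry' is relative to the current directory"
                ap_bad=1 ;;
        esac
    done
    return "$ap_bad"
}

# Constructed sample path: current directory first, plus a doubled ':'.
audit_path ".:/usr/local/bin::/usr/bin" || true
```

Run it against the superuser's actual path with: audit_path "$PATH"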