rcpilz@ablnc.UUCP (Robert C. Pilz) (08/26/86)
An unsuspecting user discovered someone playing tricks on that user by inserting a "Trojan Horse" program in a writeable directory of the unsuspecting user. The program echoed a series of "}}}}}}}" which are typical of a noisy line and then prompted the user for his/her login and passwd. The results of these prompts were stowed and the login sequence was imitated. The trickster was too dumb to not have the program remove itself though, and the program was discovered.

This type of program is not new; it has been discussed at many lengths in many program journals. It usually only tricks the new users, but a system that experiences a lot of line noise will bring down anyone's guard.

My reasoning on this problem is that the user's PATH variable was not as secure as it should be. According to the man page for sh(1), the default value of PATH is :/bin:/usr/bin. This allows THREE directories to execute programs: the CURRENT DIRECTORY, /bin and /usr/bin. Usually /etc/profile adds directories to the PATH as do the users' .profile files. The problem is that the current directory is first.

In my .profile, I have eliminated the beginning : in my path. If a program to be executed is not in a directory indicated in my PATH, I execute it by "./". This is not a BIG hurdle but it is more secure.

I am going to propose that the version of UNIX System Software that comp centers give to their users be a secure one. Let the users lower the security level to themselves if they wish. But we should not give them that level to start with! When I was in dept 452 at Bell Labs a similar choice was made.

The real work is not finding these problems and coming up with solutions. The real work is convincing people that it is for their good and implementing them.

Disclaimer: These are my own opinions, not my company's.
Robert Pilz
AT&T
Room 4SC24
2301 Maitland Center Pkwy
Maitland, Fl 32751
ablnc!rcpilz
(305) 660-6990
ark@alice.UucP (Andrew Koenig) (08/27/86)
> In my .profile, I have eliminated the beginning : in my path. If a
> program to be executed is not in a directory indicated in my PATH,
> I execute it by "./". This is not a BIG hurdle but it is more
> secure.

If you put the current directory at the end of the search path, the hassle is much less and the advantage is almost as great.
narten@arthur.cs.purdue.edu (Thomas Narten) (08/27/86)
In <184@ablnc.UUCP>, rcpilz@ablnc.UUCP (Robert C. Pilz) writes:
>The real work is not finding these problems and coming up with solutions.
>The real work is convincing people that it is for their good and
>implementing them.

Tis true. It always has been a problem for me when other people attempt to do things "for my own good".
kehres@styx.UUCP (Tim Kehres) (08/28/86)
In article <5991@alice.uUCp> ark@alice.UucP (Andrew Koenig) writes:
>> In my .profile, I have eliminated the beginning : in my path. If a
>> program to be executed is not in a directory indicated in my PATH,
>> I execute it by "./". This is not a BIG hurdle but it is more
>> secure.
>
>If you put the current directory at the end of the search path,
>the hassle is much less and the advantage is almost as great.

It is also very important to make sure that directories with either world or group write permissions are not in the path. If they must be there, they should be at the end of the search path. In any event, /bin and /usr/bin should be at the head of the search path.

Tim Kehres
Control Data Corporation / Lawrence Livermore National Laboratory
----------------------------------------------------------------
UUCP: {idi,ihnp4!lll-lcc}!styx!kehres
ARPA: kehres@lll-tis-b.ARPA
AT&T: (415) 463-6852
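Added example, not part of any post in this thread: a shell function that checks a PATH string for the weaknesses raised above, namely the current directory as an entry (an empty entry such as the leading ":" in the sh(1) default, or an explicit ".") and group- or world-writable directories, and reports whether each one is searched before or after /bin and /usr/bin. The function name `audit_path` and the wording of its findings are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): report PATH entries that let a
# planted program run. Function and label names are this example's own.
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_path() {
    rest="$1:"      # trailing ':' keeps a final empty entry visible
    pos=0; sys=0; found=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        # Findings ahead of /bin and /usr/bin can shadow standard commands;
        # later ones only catch names that exist nowhere else (typos).
        if [ "$sys" -eq 0 ]; then when="before /bin,/usr/bin"
        else when="after /bin,/usr/bin"; fi
        problem=
        case $dir in
            /bin|/usr/bin) sys=1 ;;
        esac
        case $dir in
            ''|.) problem="current directory (entry '$dir')" ;;
            /*)
                # -L follows symlinks so a linked /bin is judged by its target
                mode=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
                case $mode in
                    d???????w?) problem="world-writable $dir" ;;
                    d????w????) problem="group-writable $dir" ;;
                esac ;;
            *) problem="relative directory $dir" ;;
        esac
        if [ -n "$problem" ]; then
            echo "entry $pos: $problem ($when)"
            found=1
        fi
    done
    return "$found"
}

# Constructed input: the sh(1) default quoted in the first post.
audit_path ":/bin:/usr/bin" || true
```

Run it against a live environment with `audit_path "$PATH"`; an exit status of 1 means at least one entry was flagged.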
dpw@rayssd.UUCP (Darryl P. Wagoner) (08/31/86)
> > In my .profile, I have eliminated the beginning : in my path. If a
> > program to be executed is not in a directory indicated in my PATH,
> > I execute it by "./". This is not a BIG hurdle but it is more
> > secure.
>
> If you put the current directory at the end of the search path,
> the hassle is much less and the advantage is almost as great.

I have to agree. It is not very effective to put a Trojan Horse called some-strange-name in a writeable directory. If a person is dumb enough to execute an unknown program .... Well you can fill in the rest. Besides you don't "cd" into a directory and execute some program you don't even know the name of.

The point is that for a Trojan Horse to be successful it should be a command that a person will execute upon entering a directory, namely "ls".

--
Save ihnp4! Mail around it.
--
Darryl Wagoner
Raytheon Co.; Portsmouth RI; (401)-847-8000 x4089
best path          {allegra|gatech|mirror|raybed2}!rayssd!dpw
next best          {linus|ihnp4|pyrbos}!rayssd!dpw
if all else fails  {brunix|cci632}!rayssd!dpw
ronc@fai.UUCP (Ronald O. Christian) (09/09/86)
In article <5991@alice.uUCp> ark@alice.UucP (Andrew Koenig) writes:
>> In my .profile, I have eliminated the beginning : in my path. If a
>> program to be executed is not in a directory indicated in my PATH,
>> I execute it by "./". This is not a BIG hurdle but it is more
>> secure.
>
>If you put the current directory at the end of the search path,
>the hassle is much less and the advantage is almost as great.

*** Doesn't help you in the case of popular misspelling of commands, like 'sl' and 'mial'. Oh, sure, I put "." in my path last, but recognize that you are only a little more secure when you do this.

Ron
--
Ronald O. Christian (Fujitsu America Inc., San Jose, Calif.)
seismo!amdahl!fai!ronc -or- ihnp4!pesnta!fai!ronc

Oliver's law of assumed responsibility:
"If you are seen fixing it, you will be blamed for breaking it."
wombat@ccvaxa.UUCP (09/15/86)
/* Written 4:28 pm Sep 9, 1986 by ronc@fai.UUCP in ccvaxa:net.unix */
In article <5991@alice.uUCp> ark@alice.UucP (Andrew Koenig) writes:
>If you put the current directory at the end of the search path,
>the hassle is much less and the advantage is almost as great.

*** Doesn't help you in the case of popular misspelling of commands, like 'sl' and 'mial'.
/* End of text from ccvaxa:net.unix */

This is easy to avoid with csh - I usually alias my most common misspellings (sl, diris, jbos, tial, amke, ...).

"Our first order of business will be to find a deranged alchemist, which should not be very difficult. China," said Master Li, "is overstocked with deranged alchemists."
Barry Hughart, *Bridge of Birds*

Wombat
ihnp4!uiucdcs!ccvaxa!wombat