jbn@glacier.STANFORD.EDU (John B. Nagle) (12/15/88)
Today:

    Mail that makes "vi" do interesting things.
    Mail that makes "emacs" do interesting things.

Tomorrow:

    Mail that makes Display Postscript do interesting things.
    Mail that makes "intelligent agents" do interesting things.
    Mail that makes fax machines do interesting things.

This is going to get worse before it gets better, and the heavy thinkers in the field had better start thinking about it. We don't even have a good theoretical basis for thinking about these problems yet. Grace Nibaldi's Orange Book is no help here. Even capabilities aren't too much help. Biba's integrity model provides a possible holding action, but it's too restrictive for most users.

The basic problem is that everything processed by anything with any smarts is potentially a program. If every user's program has all the privileges of that user, every program that processes data derived from data originating in the outside world is potentially an entry point for a Trojan horse.

John Nagle

Dave Lawrence (12/15/88)
jbn@glacier.UUCP (John B. Nagle) wrote:

> Mail that makes "vi" do interesting things.
> Mail that makes "emacs" do interesting things.
> Mail that makes Display Postscript do interesting things.
> Mail that makes "intelligent agents" do interesting things.
> Mail that makes fax machines do interesting things.

And while we're at it, how about mail that makes sunt(f|t)ools do interesting things? I can really make people wonder with a few imbedded escape sequences ... and if I'm logged into their machine while they run suntools on console, their sanity can just about go bye bye. (This all assumes that I would do such a thing, which I wouldn't (anymore).)

It also teaches another valuable lesson ... even a terribly simple utility like cat(1) can be used for ulterior motives.

Dave
--
tale@rpitsmts.bitnet, tale%mts@rpitsgw.rpi.edu, tale@pawl.rpi.edu
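
The defensive side of the escape-sequence point raised in this thread, as an added example that is not part of either post: untrusted message text is rewritten so that its control bytes are shown in caret notation (as `cat -v` does) instead of being interpreted by the terminal. The function names, the regular expressions and the sample message are constructed for illustration.

```python
import re

# ESC-introduced sequences, longest forms first.
ESCAPE_SEQ = re.compile(
    r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC, e.g. set window title
    r"|\x1b\[[0-?]*[ -/]*[@-~]"            # CSI, e.g. clear screen, move cursor
    r"|\x1b[ -/]*[0-~]"                    # any other ESC sequence
)
# Raw controls: C0 except TAB and LF, DEL, and the 8-bit C1 range.
RAW_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def caret(ch):
    """Render one control character visibly, in the style of `cat -v`."""
    code = ord(ch)
    if code < 0x20:
        return "^" + chr(code + 0x40)
    if code == 0x7F:
        return "^?"
    return "M-^" + chr(code - 0x40)        # C1: 0x80-0x9f -> M-^@ .. M-^_


def visible(seq):
    """Make every control character inside a matched sequence printable."""
    return RAW_CONTROL.sub(lambda m: caret(m.group()), seq)


def neutralize(text):
    """Return (safe_text, findings); only TAB and LF survive as controls."""
    findings = []

    def on_sequence(m):
        seq = m.group()
        kind = {"]": "OSC", "[": "CSI"}.get(seq[1], "ESC")
        findings.append((kind, visible(seq)))
        return visible(seq)

    def on_control(m):
        findings.append(("CTRL", caret(m.group())))
        return caret(m.group())

    safe = RAW_CONTROL.sub(on_control, ESCAPE_SEQ.sub(on_sequence, text))
    return safe, findings


# Constructed sample: a mail body carrying title-set, clear-screen, cursor-home,
# a backspace and an 8-bit CSI introducer.
SAMPLE = "Subject: hello\n\x1b]0;new title\x07Nothing to see\x1b[2J\x1b[H here.\x08\x9b5n\n"
```

The findings list doubles as a detection record: a mail filter can log or quarantine any message for which it is non-empty.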