[comp.unix.wizards] Trojan horses in mail text

jbn@glacier.STANFORD.EDU (John B. Nagle) (12/15/88)

     Today:

	Mail that makes "vi" do interesting things.
	Mail that makes "emacs" do interesting things.

     Tomorrow:

	Mail that makes Display Postscript do interesting things.
	Mail that makes "intelligent agents" do interesting things.
	Mail that makes fax machines do interesting things.

This is going to get worse before it gets better, and the heavy thinkers
in the field had better start thinking about it.  We don't even have
a good theoretical basis for thinking about these problems yet.  Grace
Nibaldi's Orange Book is no help here.  Even capabilities aren't too
much help.  Biba's integrity model provides a possible holding action,
but it's too restrictive for most users.

The basic problem is that everything processed by anything with any
smarts is potentially a program.  If every user's program has all the
privileges of that user, every program that processes data derived from
data originating in the outside world is potentially an entry point for
a Trojan horse.

						John Nagle

Dave Lawrence (12/15/88)

jbn@glacier.UUCP (John B. Nagle) wrote:
>	Mail that makes "vi" do interesting things.
>	Mail that makes "emacs" do interesting things.
>	Mail that makes Display Postscript do interesting things.
>	Mail that makes "intelligent agents" do interesting things.
>	Mail that makes fax machines do interesting things.

And while we're at it, how about mail that makes sunt(f|t)ools do
interesting things?  I can really make people wonder with a 
few imbedded escape sequences ... and if I'm logged into their
machine while they run suntools on console, they're sanity
can just about go bye bye. (This all assumes that I would do such
a thing, which I wouldn't (anymore).)  
 
It also teaches another valuable lesson ... even a terribly
simple utility like _c_a_t(1) can be used for ulterior 
motives.  
 
Dave
--
      tale@rpitsmts.bitnet, tale%mts@rpitsgw.rpi.edu, tale@pawl.rpi.edu