jg23+@andrew.cmu.edu (John Robert Gray) (07/28/90)
Hi, I have a real big problem. I got FileGuard 2 month ago and now I found thatresedit is able to delete every resource in FileGuard, which makes FileGuard useless because it's a security software. Is there a way I can make it so resedit is unable to delete the resources in FileGuard? Thanx in Advance John
marc@Apple.COM (Mark Dawson) (07/30/90)
In article <AagBQF600WB7IDzGNI@andrew.cmu.edu> jg23+@andrew.cmu.edu (John Robert Gray) writes: >Hi, I have a real big problem. I got FileGuard 2 month ago and now I found thatresedit is able to delete every resource in FileGuard, which makes FileGuard >useless because it's a security software. Is there a way I can make it so >resedit is unable to delete the resources in FileGuard? You could store one of your 'important' resources in the data fork--ResEdit doesn't edit that. Mark -- --------------------------------- Mark Dawson Service Diagnostic Engineering AppleLink: Dawson.M Apple says what it says; I say what I say. We're different ---------------------------------
clarson@ux.acs.umn.edu (Chaz Larson) (08/02/90)
>In article <AagBQF600WB7IDzGNI@andrew.cmu.edu> jg23+@andrew.cmu.edu (John Robert Gray) writes: >Hi, I have a real big problem. I got FileGuard 2 month ago and now I found >that resedit is able to delete every resource in FileGuard, which makes >FileGuard >useless because it's a security software. Is there a way I can make it so >resedit is unable to delete the resources in FileGuard? You could lock the file, but a ResEdit user could change that. A more important question, so far as I'm concerned, is: -Why in the world is ResEdit openly available on a supposedly "secure" machine? RessEdit can be used to effectively gut _any_ software on the Mac. <chaz> -- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Must think...bubble pipe will relax me and I think..." - Flaming Carrot clarson@ux.acs.umn.edu AOL:Crowbone
dwal@ellis.uchicago.edu (David Walton) (08/02/90)
In article <1938@ux.acs.umn.edu> clarson@ux.acs.umn.edu (Chaz Larson) writes: >>In article <AagBQF600WB7IDzGNI@andrew.cmu.edu> jg23+@andrew.cmu.edu (John Robert Gray) writes: >>Hi, I have a real big problem. I got FileGuard 2 month ago and now I found >>that resedit is able to delete every resource in FileGuard, which makes >>FileGuard >>useless because it's a security software. Is there a way I can make it so >>resedit is unable to delete the resources in FileGuard? > >You could lock the file, but a ResEdit user could change that. A more >important question, so far as I'm concerned, is: > > -Why in the world is ResEdit openly available on a supposedly "secure" > machine? RessEdit can be used to effectively gut _any_ software on the > Mac. > ><chaz> >-- >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > "Must think...bubble pipe will relax me and I think..." > - Flaming Carrot >clarson@ux.acs.umn.edu AOL:Crowbone I don't think he actually said that ResEdit was available on the machines (although I don't have the original message anymore, so I could be wrong). In any case, lots of people have ResEdit who haven't bought it, aren't programmers, and for the most part don't really know what it's used for; they do know how to use it to do things like muck around with the Finder information. Just because it's not publicly available at this guy's site with a sign saying "Copy me" doesn't mean that people can't get copies of it. And, as you said, folks who do know how to use it can then use it to gut _any_ software on any Macintosh they please. -- David Walton Internet: dwal@midway.uchicago.edu University of Chicago { Any opinions found herein are mine, not } Computing Organizations { those of my employers (or anybody else). }
clarson@ux.acs.umn.edu (Chaz Larson) (08/03/90)
In article <1990Aug2.164635.6825@midway.uchicago.edu> dwal@ellis.uchicago.edu (David Walton) writes: >I don't think he actually said that ResEdit was available on the >machines (although I don't have the original message anymore, so I >could be wrong). In any case, lots of people have ResEdit who haven't >bought it, aren't programmers, and for the most part don't really know >what it's used for; they do know how to use it to do things like muck >around with the Finder information. Just because it's not publicly >available at this guy's site with a sign saying "Copy me" doesn't mean >that people can't get copies of it. And, as you said, folks who do >know how to use it can then use it to gut _any_ software on any >Macintosh they please. That's true, but do you [or more accurately, does he] want to mess around trying to secure his machine[s] from what could be the most powerful tool avaiable for the mac? From what I've read, FileGuard, along with many other products, can be very effective in deterring some attempts to mess with the machine, but none can really stand up to malicious attempts to circumvent them. t seems to me that the users of a public computing facility can be loosely split into two groups: 1. Clueless people. These folks just want to come in, use SuperPaint, and leave. They're not interested in how the machine works; only that it does. If they were to destroy something with ResEdit, they would do so because they launched ResEdit to see what it did, and got in over their heads. These folks don't bring ResEdit in with them; one can avoid problems by making sure that tools like ResEdit are not avaiable to them in the facility. 2. Computer-literate people. These folks know how the machine works, and have outside access to tools and such. They will very often carry things like ResEdit around with them. In my experience, trying to make a public facility immune to them is a losing proposition. <chaz> -- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Must think...bubble pipe will relax me and I think..." - Flaming Carrot clarson@ux.acs.umn.edu AOL:Crowbone
dwal@ellis.uchicago.edu (David Walton) (08/03/90)
In article <1941@ux.acs.umn.edu> clarson@ux.acs.umn.edu (Chaz Larson) writes: >In article <1990Aug2.164635.6825@midway.uchicago.edu> dwal@ellis.uchicago.edu (David Walton) writes: >>I don't think he actually said that ResEdit was available on the >>machines (although I don't have the original message anymore, so I >>could be wrong). In any case, lots of people have ResEdit who haven't >>bought it, aren't programmers, and for the most part don't really know >>what it's used for; they do know how to use it to do things like muck >>around with the Finder information. Just because it's not publicly >>available at this guy's site with a sign saying "Copy me" doesn't mean >>that people can't get copies of it. And, as you said, folks who do >>know how to use it can then use it to gut _any_ software on any >>Macintosh they please. > >That's true, but do you [or more accurately, does he] want to mess around >trying to secure his machine[s] from what could be the most powerful tool >avaiable for the mac? From what I've read, FileGuard, along with many other >products, can be very effective in deterring some attempts to mess with the >machine, but none can really stand up to malicious attempts to circumvent >them. > >t seems to me that the users of a public computing facility can be loosely >split into two groups: > > 1. Clueless people. > > These folks just want to come in, use SuperPaint, and leave. > They're not interested in how the machine works; only that it > does. If they were to destroy something with ResEdit, they > would do so because they launched ResEdit to see what it did, > and got in over their heads. These folks don't bring ResEdit > in with them; one can avoid problems by making sure that > tools like ResEdit are not avaiable to them in the facility. > > 2. Computer-literate people. > > These folks know how the machine works, and have outside access > to tools and such. They will very often carry things like > ResEdit around with them. In my experience, trying to make a > public facility immune to them is a losing proposition. > ><chaz> > - Flaming Carrot >clarson@ux.acs.umn.edu AOL:Crowbone I agree with all of your statements, but I guess I don't see your point. Yes, it's generally possible to secure a computer system against folks who aren't real computer-literate (which is operationally defined as folks who don't know enough to break security, which is therefore a truism). No, it's generally not possible to secure a machine against the people who are somewhat computer-literate (again, operationally defined as those folks who do know enough to break security). The question, then, is how many people are in the former vs. the latter group, i.e., how many people will be deterred from mucking up the machine by the security mechanisms? The answer: probably enough to make it worthwhile. Any experienced user, however, can generally break security without ResEdit: the easiest tool to use is a System disk. Boot the machine with a floppy, and viola, all of the protective INITs and cDEVs don't do anything. ResEdit helps, of course, for doing things like making the System Folder visible when necessary, but it's certainly not essential. Anyway, your point (I think) in your previous post was to ask why ResEdit was available on a (supposedly) secure machine. My response was that in fact the original poster didn't say it _was_, but it probably wouldn't matter anyway, because it's so easy to get a copy of it. Finally, protecting FileGaurd wouldn't do that much good, because a boot disk with ResEdit could bypass FileGaurd (by not installing it at boot time), and with ResEdit the user could cause as much mischief as his/her little heart desires. -- David Walton Internet: dwal@midway.uchicago.edu University of Chicago { Any opinions found herein are mine, not } Computing Organizations { those of my employers (or anybody else). }
clarson@ux.acs.umn.edu (Chaz Larson) (08/04/90)
In article <1990Aug3.163157.28701@midway.uchicago.edu> dwal@ellis.uchicago.edu (David Walton) writes:
paraphased: "What was your point, chaz?"
Boy, I was really in the mood to babble, yesterday, wasn't I?
My point, I guess, was that the original poster's worrying about ResEdit
being able to gut his security software seems a little needless. If ResEdit
is not available on the secured machine, then the only people he has to
worry about are malicious folks who bring ResEdit or similar tools into the
facility with the intent of using them for nefarious purposes, and attempting
to protect his FileGuard software from these people will be near impossible,
no matter what he uses.
If ResEdit _is_ available on the secured machine [which I assumed it was,
given that he seemed pretty concerned about the possibility] then he opens
himself up to average users saying "What's this?" and mucking around, as
well as encouraging the malicious ones.
An analogy would be: The front door of my house has a good, solid lock on
it [unpickable, according to the manufacturer]; however, any thief with a
chainsaw [a tool which is fairly easy to come by] could very easily bypass
the lock and go right on in, if he wanted my TV badly enough. I just don't
think losing sleep over trying to eliminate the fairly unlikely possibility
makes any sense.
Then again, I might just be babbling again, David. Fell free to ignore me
if I am... 8)
<chaz>
--
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Must think...bubble pipe will relax me and I think..."
- Flaming Carrot
clarson@ux.acs.umn.edu AOL:Crowboneyahnke@vms.macc.wisc.edu (Ross Yahnke, MACC) (08/04/90)
In article <1990Aug3.163157.28701@midway.uchicago.edu>, dwal@ellis.uchicago.edu (David Walton) writes... -In article <1941@ux.acs.umn.edu> clarson@ux.acs.umn.edu (Chaz Larson) writes: -Any experienced user, however, can generally break security without -ResEdit: the easiest tool to use is a System disk. Boot the machine -with a floppy, and viola, all of the protective INITs and cDEVs don't -do anything. Sorry, Wrongo, read on... -it. Finally, protecting FileGaurd wouldn't do that much good, because -a boot disk with ResEdit could bypass FileGaurd (by not installing it -at boot time), and with ResEdit the user could cause as much mischief -as his/her little heart desires. You might want to try FileGuard out before saying stuff like this. FileGuard will effectively and completely prevent someone from accessing a protected volume, *even if they boot off a system diskette!*. When you boot a mac from a system diskette and the FileGuard protected volume mounts you will be asked for a password. If you don't have it the volume won't mount and is inaccessible, even from HD Setup--for those who would be so perturbed at such protection that they would attempt a low level format. FileGuard will allow "guest" access to a FileGuard protected volume, so you can boot off of the FileGuard protected HD without supplying a password; doing so of course puts the guest under the control of whatever options the FileGuard administrator has chosen. This can include the disallowal of inserting any diskette, which would prevent an unwanted ResEdit from running. It also makes it hard to save your docs on a diskette, tho you could use an AppleShare drop folder... What FileGuard lacks and needs is a way to prevent the lauching of undesirable apps like ResEdit. More importantly it needs a way to intercept the types of calls these apps could potentially make by malicious users bent on defeating FileGuard or screwing up other System Folder files. This was, I believe, the original posters concerns. Compared to A.M.E, from Casady & Greene, I find FileGuard a real useful, robust, ez to use program. >>> yahnke@macc.wisc.edu <<<
dwal@ellis.uchicago.edu (David Walton) (08/05/90)
In article <4141@dogie.macc.wisc.edu> yahnke@vms.macc.wisc.edu (Ross Yahnke, MACC) writes: >In article <1990Aug3.163157.28701@midway.uchicago.edu>, >dwal@ellis.uchicago.edu (David Walton--me) writes... > >-Any experienced user, however, can generally break security without >-ResEdit: the easiest tool to use is a System disk. Boot the machine >-with a floppy, and viola, all of the protective INITs and cDEVs don't >-do anything. > >Sorry, Wrongo, read on... > >You might want to try FileGuard out before saying stuff like this. >FileGuard will effectively and completely prevent someone from accessing >a protected volume, *even if they boot off a system diskette!*. When you >boot a mac from a system diskette and the FileGuard protected volume >mounts you will be asked for a password. If you don't have it the volume >won't mount and is inaccessible, even from HD Setup--for those who would >be so perturbed at such protection that they would attempt a low level >format. On your advice, I looked at it. You're right. Mea culpa. I've always been curious how security systems manage to do this. I assume that it's done by patching the device's SCSI driver. FileGaurd appears to install a Notification Task from the driver which prompts for the password (and masks the interrupts so that it's not possible to get into the debugger). Presumably what happens is the Open call sets a flag somewhere in the driver's private storage so that the first Control (or Status?) call installs the request, and the NM Response procedure clears the aforementioned flag, signifying that the driver can then respond normally to calls, and the driver posts a disk-inserted event so the startup application can mount it. In pseudo-code, case drvrMessage of open: ... userCleared:=false; doMount:=true;{ assume we should mount it } notificationPosted:=false; ... control: ... if doMount then if not (userCleared) then if not (notificationPosted) then begin NMInstall(...); notificationPosted:=true; end else if (notificationRecvd) then doMount:=false; else { Handle control calls normally } ... PostDiskInsertEvent else { Sorry, bucko, you're hosed } If this assessment is wildly (or even mildly) inaccurate, could somebody explain in general how the protection might be implemented? -- David Walton Internet: dwal@midway.uchicago.edu University of Chicago { Any opinions found herein are mine, not } Computing Organizations { those of my employers (or anybody else). }