From: wcalderw@dante.nmsu.edu (CALDERWOOD)
Subject: Re: Installation: SLS vs SCO
Date: 16 Apr 1993 23:29:09 GMT

Colin Jenkins (jenkins@DPW.COM) wrote:
: In article <1pfba3$2pj@nz12.rz.uni-karlsruhe.de> s_titz@ira.uka.de (Olaf Titz) writes:
: >Excuse me for being pedantic, but at least this is no valid argument.
: >First, a compiler is no security problem, since a compiler does not
: >introduce any new features which could be holes, it is just a
: >convenience tool.
:
: I disagree. A compiler represents a huge security hole. System attacks
: can be mounted at the lowest level using a compiler. If memory serves,
: the Internet worm of a few years ago propagated itself by recompiling
: itself and redistributing the source to other systems for recompilation.
:
: >Second, a dedicated hacker could even use emacs to create a binary
: >executable. (Followup->alt.folklore.computers :-)
:
: Agreed, however few people have the time, patience, or knowledge required
: to generate any program of significant complexity by hand. The compiler
: would make attacks easier and faster and more available to hackers of
: lesser talents.
:
: Not that I am arguing against making compilers available, or that linux
: is inferior by virtue of poor security- simply that compilers do represent
: potential security problems.
:
:
:
: Colin

You are wrong about the Internet Worm.

"There were 3 methods used by Robert Tappan Morris to accomplish unauthorised
access to machines and multiply his worm.
1. Try to run a remote shell using rsh. Some machines will permit access
using rsh without any other authentication. If this worked then the shell
uploaded the worm program and continued to infect other machines.
2. Used finger. The worm would finger a site with a specially crafted
536-byte string as the parameter. This string overflowed the daemon's
buffer and overwrote its stack. There was a bug in the daemon at the time
which did not check for overflow. When the daemon returned from the procedure
it was in at the time it got the request it returned to the procedure inside
the 536-byte string on the stack. This procedure tried to run /bin/sh. Thus
allowing access.
3. Used a bug in the mail system, sendmail, which allowed the worm to mail
a copy of the bootstrap and get it executed.
Once the worm was running on the new machine it would try to crack passwords
and gain access to other machines perhaps even cycling back to the same machine
at some time thus creating multiple copies of itself." (PG. 184,
Modern Operating Systems, Andrew S. Tanenbaum)

William A. Calderwood
wcalderw@nmsu.edu
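
The finger overflow in item 2 of the quoted passage comes from reading a request with no length check. As an added example (not part of the original post or of the book it quotes), the C below computes what an unchecked copy of a 536-byte request would overrun and shows a bounded read that rejects it; the 512-byte buffer size, the function names and the 'A'-filled request are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_BUF 512  /* assumed buffer size; the post gives only the 536-byte request */
/* Bytes a gets()-style copy of req_len bytes plus NUL writes past REQ_BUF. */
size_t unchecked_overrun(size_t req_len)
{
    size_t needed = req_len + 1;
    return needed > REQ_BUF ? needed - REQ_BUF : 0;
}

/* Bounded read of one request line into out[cap]. Returns 0 on success,
 * -1 on empty input or an oversized line. An oversized line is drained and
 * rejected, not truncated, so its tail is never parsed as a new request. */
int read_request(FILE *in, char *out, size_t cap)
{
    if (cap < 2 || fgets(out, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(out);
    if (n > 0 && out[n - 1] == '\n') {
        out[n - 1] = '\0';
        return 0;
    }
    if (feof(in)) return 0;          /* short final line without a newline */
    int c;
    while ((c = getc(in)) != EOF && c != '\n') continue;  /* drain long line */
    out[0] = '\0';
    return -1;
}

/* Feed a constructed request of req_len 'A' bytes through read_request(). */
int demo(size_t req_len)
{
    char line[REQ_BUF];
    FILE *f = tmpfile();
    if (f == NULL) return -2;
    for (size_t i = 0; i < req_len; i++) putc('A', f);
    putc('\n', f);
    rewind(f);
    int rc = read_request(f, line, sizeof line);
    fclose(f);
    return rc;
}

int main(void)
{
    printf("20B: %d  536B: %d  overrun: %zu\n", demo(20), demo(536), unchecked_overrun(536));
    return 0;
}
```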