Re: Who is an intruder?

Peter G. Neumann (neumann@csl.sri.com)
Wed, 24 Aug 94 17:22:32 PDT

Andrew, 

Please BE VERY CAREFUL in dealing with the concept of authority.
A good example to illustrate why this is so is the 1988 Internet Worm.
[Good Grief, that was almost SIX years ago.]

  Does the sendmail debug option require any authorization?  NO.
  Did the exploitation of the finger flaw require any authorization?  NO.
  Does using an entry in a .rhosts file require any authorization?  NO.
  Does reading an encrypted password file require any authorization?
    MAYBE or MAYBE NOT, depending on the particular system.
    But then suppose you are LEGITIMATELY entitled to be superuser,
    and you maliciously do a dictionary attack on the password file.
    Does doing the dictionary attack require any (further) authorization?  NO.

As you can see, questions of exceeding authority are exceedingly sticky.

Yes, without an explicit authorization policy, everything is murky.
But all of the existing authorization policies still leave everything
somewhat murky, except for a mandatory multilevel security policy 
implemented with lots of levels and millions of compartments and set up 
so that each special interest has its own compartment.  Only then can you
have a situation in which what is authorized is precisely that which is
intended to be possible.  

Peter Neumann
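
The compartment scheme described in the last paragraph of the message above can be sketched as a label check. This is an added example, not part of the original message: it assumes the standard Bell-LaPadula "no read up" rule, and the level names, compartments, subjects and objects are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed ordering of sensitivity levels (assumption, not from the message).
LEVELS = {"public": 0, "internal": 1, "secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True if this label is at least as high as `other` and holds
        every compartment that `other` carries."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)

def label(level, *compartments):
    return Label(level, frozenset(compartments))

def may_read(subject: Label, obj: Label) -> bool:
    # Mandatory rule ("no read up"): the subject's label must dominate the object's.
    return subject.dominates(obj)

# Hypothetical subjects and objects; each special interest has its own compartment.
SUBJECTS = {
    "admin": label("secret", "sysadmin"),   # highest level, but no "auth" compartment
    "login_daemon": label("secret", "auth"),
    "guest": label("public"),
}
OBJECTS = {
    "password_hashes": label("secret", "auth"),
    "system_config": label("internal", "sysadmin"),
    "motd": label("public"),
}

def readers(obj_name):
    """Subjects whose labels permit reading the named object."""
    return sorted(s for s, lbl in SUBJECTS.items() if may_read(lbl, OBJECTS[obj_name]))

def readable_by(subject_name):
    """Objects the named subject may read, derived from labels alone."""
    return sorted(o for o, lbl in OBJECTS.items() if may_read(SUBJECTS[subject_name], lbl))

if __name__ == "__main__":
    for name in OBJECTS:
        print(f"{name:16} readable by {readers(name)}")
```

Here the administrator holds the highest level yet cannot read the password hashes, because that access was never intended and so the label does not grant it.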