[13854] in cryptography@c2.net mail archive
Re: [Fwd: BugTraq - how to coverup the security]
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Jul 15 23:03:25 2003
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <200307150051.h6F0pBv23009@chipotle.cs.dartmouth.edu>
Date: Tue, 15 Jul 2003 10:22:49 -0700
To: Sean Smith <sws@cs.dartmouth.edu>
From: Bill Frantz <frantz@pwpconsult.com>
Cc: cryptography@metzdowd.com

At 5:51 PM -0700 7/14/03, Sean Smith wrote:
>If you don't design a trusted path into the system, why should
>you expect there to be one?

The idea of "trusted path" seems to have been lost in history. Both Redhat
Linux and Macintosh System X have the worrisome habit of asking you for
your administrator password (root password in the case of Redhat) as part
of their online system update procedure. It seems to me that any program
could pop up such a dialog, and it wouldn't look any different.

Back in the old days, flipping the online/offline switch on a 3270 terminal
would cause VM/370 to disconnect the currently logged on user and display
the logon screen. KeyKOS uses the "SysReq" key for the same purpose.

Trusted path was an Orange Book requirement. What happened?

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting
(408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave.
frantz@pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com