[3114] in WWW Security List Archive
Re: New and destructive word macro virus
daemon@ATHENA.MIT.EDU (David W. Morris)
Fri Sep 27 23:35:22 1996
Date: Fri, 27 Sep 1996 18:54:07 -0700 (PDT)
From: "David W. Morris" <dwm@shell.portal.com>
To: John Cronin <John.Cronin@oit.gatech.edu>
cc: "David M. Chess" <CHESS@watson.ibm.com>, www-security@ns2.rutgers.edu
In-Reply-To: <199609272110.RAA05990@oit.gatech.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

On Fri, 27 Sep 1996, John Cronin wrote:
> I have to partially disagree here. While it is theoretically possible
> to write a virus for Unix for instance, for it to really do damage, it
> would have to be run as root. If a non-root user runs a program that

Huh ... no theory here ... I would classify the cancelbot which trashed
a bunch of alternate life style newsgroups earlier in the week as a
virus. The internet worm was a virus. Depending on what code is
executed in the user's environment, there is all kinds of risk. For
example, one of my client installations uses NIS shadow passwords and
yet the libc support for reading the crypted password worked just fine
from a perl program I wrote. So while the /etc/passwd file didn't
deliver the insight directly, it could provide the list of keys needed
to fetch passwords which would then be hacked via crack.

And so forth. Not all viruses cause direct damage. A typical UNIX system
has all kinds of world readable data which is presumed to be safe behind
the firewall but isn't if there is a backdoor based on imported code.

PC viruses have been popular with crackers because network access such as
enabled the worm has not been available so the crackers figured out an
alternative for spreading their grief. Then they used a time driven
trip wire to achieve the world wide effect achieved on interconnected
UNIX systems. In each case the problem surfaces over a wide area with
little warning.

So I think UNIX systems need to be just as concerned about the execution
of unauthorized code as do users of PCs.

Dave Morris
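
The exposure described in the message above (crypted passwords returned to an unprivileged process by the libc lookup routines even though /etc/passwd is shadowed) can be audited from an ordinary user account. This is an added example, not part of the original message; it uses Python's `pwd` module rather than the perl the author mentions, the sample entries are constructed, and it reports account names only, never the hash values.

```python
import pwd
import re

# Traditional DES crypt(3) output: exactly 13 characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_passwd_field(field):
    """Classify a pw_passwd value as 'empty', 'placeholder' or 'hash-exposed'."""
    if field == "":
        return "empty"                    # account with no password set
    candidate = field.lstrip("!")         # a leading "!" marks a locked account
    # Modular crypt format ("$id$salt$hash") or traditional DES crypt.
    if candidate.startswith("$") or DES_CRYPT.match(candidate):
        return "hash-exposed"
    return "placeholder"                  # "x", "*", "!!" and similar markers

def audit(entries):
    """entries: iterable of (name, passwd_field). Returns names grouped by class."""
    report = {"empty": [], "placeholder": [], "hash-exposed": []}
    for name, field in entries:
        report[classify_passwd_field(field)].append(name)
    return report

def audit_name_service():
    """Audit what the C library hands to the current (unprivileged) user."""
    return audit((p.pw_name, p.pw_passwd) for p in pwd.getpwall())

# Constructed sample entries (not real accounts or real hashes).
SAMPLE = [
    ("root", "x"),
    ("daemon", "*"),
    ("alice", "ab01FAKEHASHx"),
    ("bob", "$6$constructedsalt$constructedhash"),
    ("carol", "!$6$constructedsalt$constructedhash"),
    ("guest", ""),
]

if __name__ == "__main__":
    for label, report in (("sample", audit(SAMPLE)),
                          ("this host", audit_name_service())):
        print(label)
        for kind, names in report.items():
            print(f"  {kind}: {len(names)} {names}")
```

Any name listed under `hash-exposed` for "this host" when run as a non-root user means the name service is delivering password hashes to every local process, which is the condition the message describes.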