The 'Security Digest' Archives (TM)


ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V1 #36 1989-10-06 (1 file, 5714 bytes)
SOURCE: http://securitydigest.org/exec/display?f=zardoz/archive/136.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Security Digest Volume 1 Issue 36

subject(s):

            chroot and device files
            Legion of Doom information?
            summary: Sun secure NFS, C2, secure RPC, secure rexd
            Yow! A Brand New Inet Newsgroup
            Computer Viruses set to go off on October 12 and 13.
            Fifth Annual Computer Security Applications Conference

------------------------------------------------------------------------

Date: Fri, 6 Oct 89 15:40:16 CDT
From: uunet!src.honeywell.com!jkimball (John Kimball)
Subject: chroot and device files

Some folks here want to set up a kermit area in our anonymous ftp area,
using the restrict program from Wood and Kochan.  (The restrict program is
meant to be specified as the user's shell;  it does a chroot to bottle the
user up, before invoking the real shell.)

I have heard tell that there are unspecified tricks one can play with
device files to examine the filesystem above the current root directory.
Kermit wants a /dev/tty.  Is it safe for us to create a /dev/tty in our
little bottled-up filesystem?

------------------------------------------------------------------------

Date: Fri, 06 Oct 89 16:21:53 -0700
From: rtech!friday!sid (Sid Shapiro)
Subject: Legion of Doom information?

I'm looking for information on a cracker group calling themselves the
Legion of Doom.  Any information about who they are, what kind of
things they do, what kind of things they have done, or anything else
about them would be most appreciated.  Are they Bad Guys or
"enthusiasts" who look but don't touch?

------------------------------------------------------------------------

Date: Tue, 10 Oct 89 06:42:31 CDT
From: uunet!src.honeywell.com!jkimball (John Kimball)
Subject: summary: Sun secure NFS, C2, secure RPC, secure rexd

A couple months ago I asked for people's opinions about the new optional
security features in SunOS 4.0.x.  Below is the information I collected.
Many thanks to the respondents!  (Some of this you've probably seen
already, but I decided it was worthwhile to have it all in one place.)

>  . . . Now I'm looking at Sun's enhancements for security:
> secure RPC (including secure NFS and secure rexd), and the C2 package.
> I recall hearing various disparaging things about the C2 stuff and secure
> NFS several months ago, but nothing recently.  So, to those people who
> are using or have tried to use secure RPC and/or the C2 package:
>     o Do they work?
>     o What are the benefits?
>     o What are the disadvantages?

-From: Jason Heirtzler <jdh%bu-pub.BU.EDU@bu-it.bu.edu>

That seems to be the same feeling that everyone is giving
me.  It doesn't seem like anyone uses it (or is too paranoid
to admit it.. :-)

Anyway, the shadow password stuff works without a lot of
pain, and that's about where I stopped.

-From: uunet!Sun.COM!gkass%slapshot.EBay (Gordon Kass)

A number of bugs in SunOS 4.0 C2 were fixed in SunOS 4.0.3 and a number more
were fixed thereafter and are available from the USAC (Sun's U.S. Answer Center)
as a patch tape.

Yes, the C2 stuff does work.
Benefits:  if you want C2 security and what that offers, then this is how to
get it.  C2 security primarily offers:
        *  split password files, keeping the encrypted passwords from being
           readable by everyone
        *  auditing, selectable per-user, allowing one to track assorted events
           going on in the system.
Disadvantages:  if you audit a lot of events, it'll take up a lot of disk
space (although you can archive or "rm" as you like) and it might slow down
performance some.

Note that C2 and other levels of Orange Book security are slightly different
than penetration security.  (If this leaves you puzzled, e-mail me for more
details.)

(we did the C2 stuff, along with a lot of other things)

-From: lsf@astrosun.tn.cornell.edu (Sam Finn)

Pursuant to a bug report, I have been informed by Sun that the secure feature
of rexd (the -s option documented in the manuals) performs no function at this
time. DES authentication does not exist for rexd or the on(1) command, and
is not expected to before 4.1FCS.

At present, with rexd enabled on a workstation there is no way to prevent
another user on another wholly unrelated system from using the workstation's
CPU, disk, etc., for his/her own purposes.

Sun informs me that this applies only to the on(1) command and rexd; in
particular, DES authentication in secure RPC is functional.

-From:  eie@cs.vu.nl (Ed Keizer)

While converting from SunOS 3.5 to SunOS 4.0.1 we decided to use
the secure NFS software to protect the staff file systems at our faculty.

The first sign of `something wrong somewhere' was that the server
exporting the Secure NFS system started crashing about once a week
on null pointer dereferences in kernel code connected with authorization.
We also had to reboot one of our diskless clients after each crash.
That client had produced the error message:
        vmunix: authget: authdes_create failure
and could not be convinced to perform any further accesses to the Secure
file system, not even after rebooting the server.

We did not pursue this in the hope that SUN would have repaired this
in SunOS 4.0.3. We would have started searching if we had the kernel code,
but we don't so we left it at that, although it was somewhat annoying.

Then, one day, our server produced the following error message:
        vmunix: ie0: out of mbufs: output packet dropped
while more than a few diskless clients produced the message mentioned
earlier.
This was the sign to start a search for an mbuf leak in the kernel.

We found that each unauthorized access to a Secure File System used
10 `mbufs allocated to data' which were never freed.
An unauthorized access happens when a process with a uid that
has a public key in the publickey data bases tries an access from
a client that does not have that user's private key.

Unauthorized accesses happen whenever a user with a key in
the publickey database and his or her home directory on the
Secure file system does an rlogin, reading $HOME/.rhosts, to a
client he or she has never used before. Or, when somebody tries
the well-known trick of `su user' after becoming super-user in
order to access that user's files over the network from a client
that does not have that user's private key.

We often have two of these `Unauthorized access' messages:
        vmunix: NFS getattr failed from server: RPC: Authentication error
when one of the events mentioned above happens.
That means that each event costs us twenty mbufs. Mbufs are a finite
resource. The kernel code limits the amount of memory dedicated to mbufs
to 1 Mb. In practice this means that we have to reboot our Secure NFS servers
every second day. We see the amount of mbufs allocated to data growing
from about 20 to 2924 and higher.

We had our first SunOS 4.0.3 system running yesterday. The bug was still
there.
We reported this problem to SUN through the official channel a few days ago,
but have not yet received an answer.
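
[ Added example, not part of the original digest or of any respondent's
message: a log check built on the figures in the report above (10 mbufs
leaked per unauthorized access, a count of about 20 after a reboot) that
estimates how far a Secure NFS server has leaked. It assumes client and
server syslog lines since the server's last reboot are merged in one place;
the syslog layout, host names, timestamps and the warn_at threshold are
constructed for illustration. ]

```python
import re
from collections import Counter

# Figures taken from the digest: 10 mbufs leak per unauthorized access,
# and the server's data-mbuf count is about 20 after a reboot.
MBUFS_PER_UNAUTHORIZED_ACCESS = 10
BASELINE_MBUFS = 20

# Kernel message texts as quoted in the digest.
AUTH_ERROR = "NFS getattr failed from server: RPC: Authentication error"
AUTHDES_FAIL = "authget: authdes_create failure"
OUT_OF_MBUFS = "out of mbufs"

# Assumed syslog layout: "Mon DD HH:MM:SS host vmunix: message".
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+vmunix:\s+(.*)$")

# Constructed sample: host names and timestamps are invented.
SAMPLE_LOG = """\
Oct  3 09:12:01 client1 vmunix: NFS getattr failed from server: RPC: Authentication error
Oct  3 09:12:01 client1 vmunix: NFS getattr failed from server: RPC: Authentication error
Oct  3 10:40:17 client2 vmunix: NFS getattr failed from server: RPC: Authentication error
Oct  3 11:05:44 client2 vmunix: authget: authdes_create failure
Oct  3 11:06:02 server1 vmunix: ie0: out of mbufs: output packet dropped
Oct  3 11:07:30 client3 sendmail[211]: constructed unrelated line
"""

def assess(log_text, warn_at):
    """Estimate server mbufs leaked since its last reboot from merged logs."""
    auth_errors = Counter()
    stuck_clients = set()
    server_exhausted = False
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a kernel (vmunix) line
        host, msg = m.group(1), m.group(2).strip()
        if msg == AUTH_ERROR:
            auth_errors[host] += 1  # one unauthorized access seen by a client
        elif msg == AUTHDES_FAIL:
            stuck_clients.add(host)  # digest: client made no further accesses
        elif OUT_OF_MBUFS in msg:
            server_exhausted = True  # interface name prefix (ie0) may vary
    leaked = sum(auth_errors.values()) * MBUFS_PER_UNAUTHORIZED_ACCESS
    estimated = BASELINE_MBUFS + leaked
    return {"auth_errors_by_client": dict(auth_errors), "leaked_mbufs": leaked,
            "estimated_mbufs": estimated, "warn": estimated >= warn_at,
            "stuck_clients": sorted(stuck_clients),
            "server_exhausted": server_exhausted}

if __name__ == "__main__":
    for key, value in assess(SAMPLE_LOG, warn_at=40).items():
        print(f"{key}: {value}")
```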

------------------------------------------------------------------------

Date: Wed, 11 Oct 89 11:12:59 PDT
From: neil (Neil Gorsuch)
Subject: Yow! A Brand New Inet Newsgroup

[ Posted to the nntp managers mailing list by Eric Fair: - neil ]

just for those of you who can't worry enough:

        comp.security.announce

This newsgroup will be mirroring a moderated mailing list that the
DARPA Computer Emergency Response Team (CERT) maintains for making
important announcements about computer security. If you have
any questions about that, drop a note to cert@cert.sei.cmu.edu.

[ The mailing list is an output-only broadcast list with no formal
input channel that is used by CERT to send out announcements to their
contacts.  One of the contacts is zardoz.  I of course re-broadcast
any appropriate information to the security list.  I am glad that
comp.security.announce has finally been created, it fills a definite
need - neil ]

------------------------------------------------------------------------

Date: Thu, 12 Oct 89 12:30:07 PDT
From: neil (Neil Gorsuch)
Subject: Computer Viruses set to go off on October 12 and 13.

[ This was in usenet news group news.announce.important - neil ]

There are a pair of computer viruses ready to go on October 12 and 13
of this year.  If you have an IBM or compatible PC, you may have a virus
on your system.  If your .COM or .EXE files have grown by 1000 or so
bytes, they may be infected.

One virus is known as the Jerusalem virus, and is set to go off
on or after the next Friday the 13th.   It can add itself to
your executable files, slow down your system, and in some cases
erase your hard disk.

The other is the DATACRIME virus.  It is not as common as the Jerusalem
virus, but will immediately and without warning wipe out your disk.

You are strongly urged to take a complete backup of your disks before
the 12th.  Since viruses often spread through public domain software,
use of binary software that is not shrink wrapped should be avoided.

There are commercial virus detection programs on the market.  One is
the ViruScan program from McAfee Associates, in California.  It
detects some 39 viruses (in the 9-28-89 version.)  Their telephone
number is 408-988-3832.

Another source is Rikki Cate, in Amsterdam.  The product, Cate's Cure,
detects the DATACRIME virus.  Cate's telephone is 31-20-981963 in
the Netherlands.

------------------------------------------------------------------------

Date: Thu, 12 Oct 89 12:33:36 PDT
From: neil (Neil Gorsuch)
Subject: Fifth Annual Computer Security Applications Conference

[ This was in usenet news group misc.security - neil ]

          Fifth Annual Computer Security Applications Conference

                               formerly the

            Aerospace Computer Security Applications Conference

                            December 4-8, 1989
                   Westward Look Hotel, Tucson, Arizona

                               Sponsored by
             IEEE Technical Committee on Privacy and Security
                 American Society for Industrial Security
                  Aerospace Computer Security Associates

                          Conference Highlights

         Keynote Speaker                       Luncheon Speakers
         ---------------                       -----------------
    Senator Dennis DeConcini                 Mr. Charles T. Force
         (D - Arizona)                                NASA
                                             Mr. Dave Fitzsimmons
                                         Cartoonist, Arizona Daily Sun

                          Distinguished Lecture
                           in Computer Security
                     "INFOSEC: Where Are We Going?"
                     ------------------------------
                         Mr. Stephen T. Walker
                      Trusted Information Systems

                        Tutorial Program

                    Monday, 4 December 1989

           "Secure System Design - An Introduction"
                  Mr. Morrie Gasser, DEC

                     "Database Security"
                    Ms. Teresa Lunt, SRI

                    Tuesday, 5 December 1989

              "Secure System Design - Advanced"
          Dr. Virgil Gligor, University of Maryland

             "A New Approach to Network Security"
              Mr. Jerome Lobel, Lobel Consulting

                      "Computer Crime"
     Ms. Gail Thackeray, Arizona Assistant Attorney General

                       Technical Program

              Wednesday - Friday, 6-8 December 1989

        Technical Paper Sessions
            +  Architecture for Trusted Systems
            +  Network Security
            +  Cryptographic Applications
            +  Architecture and Mechanisms
            +  Security Policy and Models
            +  Risk Management
            +  Software Development for Security
            +  Data Base Security I & II
            +  Security for Command and Control
            +  Audit Applications
            +  Trusted Distribution

        Panel Sessions
            +  Computer Crime
            +  Data Base Design for MLS
            +  TCB Subset Issues
            +  Human Issues
            +  Gemini Users
            +  International INFOSEC Standards
            +  Integrity
            +  Shoot Out at the OSI Security Corral
            +  Civil Sector Security
            +  Security Standards for Open Systems
            +  Space Station Information Security
            +  Data Integrity and Security for Computer Aided
               Acquisition and Logistics Support (CALS)

                           Special Events

        Biosphere II: a prototype of the Earth for the future
    Sonora Desert Museum: living animals and plants of the Sonoran
                             Desert Region

                       Additional Information

    For a copy of the advance program, which includes rates,
    schedule, registration form, and special activities, contact:
    Diana Akers, Publicity Chair, (703) 883-5907
          akers%smiley@gateway.mitre.org
    Victoria Ashby, Co-Chair, (703) 883-6368
          ashby%smiley@gateway.mitre.org
     The MITRE Corporation, 7525 Colshire Dr., McLean, VA  22102

    If your organization wishes to consider placing a related
    exhibit at the conference, a limited number of spaces are
    available on a first come - first serve basis.  For
    information, contact:
       Robert D. Kovach, Exhibits Chair, (202) 453-1182,
                rkovach%nasamail@ames.arc.nasa.gov

    Advance Programs will be available early September.  Please
                 request one at that time.

    Conference proceedings and videotape of the Distinguished
    Lecture will be available.

    Program Subject To Change

------------------------------------------------------------------------

        End of Security Digest Volume 1 Issue 36
        **********************

END OF DOCUMENT