Path: utzoo!attcan!uunet!lll-winken!lll-lcc!mordor!joyce!ames!ucsd!nosc!helios.ee.lbl.gov!pasteur!agate!garnet!weemba
From: weemba@garnet.berkeley.edu (Obnoxious Math Grad Student)
Newsgroups: news.admin
Subject: Re: Malicious posting worries (was re: A counter-example...)
Message-ID: <11518@agate.BERKELEY.EDU>
Date: 30 Jun 88 19:04:58 GMT
References: <266@octopus.UUCP>
Sender: usenet@agate.BERKELEY.EDU
Reply-To: weemba@garnet.berkeley.edu (Obnoxious Math Grad Student)
Organization: Brahms Gang Posting Central
Lines: 63
In-reply-to: pete@octopus.UUCP (Pete Holzmann)

In article <266@octopus.UUCP>, pete@octopus (Pete Holzmann) writes:

> 1) Booby traps are extremely rare. As far as I know, no posting
> in ANY binary or source group has ever been booby trapped.

Not quite. There was one April Fools' posting of an "unrm" that allegedly did all sorts of miracles to recover your rm-ed files. It actually moved your .login to some other place and substituted a "hahaha, you twit!" .login.

> Not even a simple killer rm in a shar!

Perhaps the following qualifies:

The age-old "how do I remove a file with funny characters in its name?" question came up. Someone listed several standard answers, and then said, "if you *really* want to get rid of that file, `rm -rf ~' will do the trick :-)". This attempt at UNIX humor, smiley face and all, went right over one, uh, naive, user, and the sysadmin who had to deal with the mess was rather unhappy with the original joker.

> 2) Nobody has the time or willingness to truly analyze every
> program (binary OR source) posted to the net for booby
> traps.

One can, however, scan source code for inordinately complicated monkeyshines, comments that don't appear to match code, etc.

I know I give a lookover to the short little sources I get. When someone posts a 10K ELisp package that looks promising, I will give it a semiread, trying to understand what is happening. I recently grabbed two 10K Mandelbrot generators for X-windows. Again, I gave them both a semiread. "Ah yes, I know this algorithm well--hmm here's some more X nonsense, looks like other X nonsense, although to hell if I know what it means, etc."

I cannot do this with *any* "short little" binaries.

> Suppose that a new smail version were well
> boobied? News 3.0? A time-delay trap could be hidden in
> the source code, and a LOT of people could get hurt.
> BUT THAT'S JUST THEORETICAL. Practically speaking, I'm
> not too worried.

Booby-trapped source code though refers almost certainly to someone on the net, either the author or someone who messed with his FTP archives. Booby-trapped binaries could come from anywhere, including someone totally innocent whose program got infected by a virus on his PC.

I sometimes wonder if I should someday be more paranoid or not about Gnews. When I announce a release, should I mention the exact byte count of the compressed tar file? That would be difficult for someone to tinker with. I could go further and write a simple public encryption checksum scheme that would then be nearly impossible to get past.

That is, we already have tar, compress/uncompress, uuencode/uudecode, and unfortunately numerous shar/unshar. One more step would be to implement a standard "verify". Perhaps the moderators of comp.sources.* will eventually include a "Key:" header. (Check out a recent comp.org.fidonet posting for a description of what's involved.) This could guarantee author's responsibility for source code funny business, but it wouldn't mean beans for binaries.

ucbvax!garnet!weemba    Matthew P Wiener/Brahms Gang/Berkeley CA 94720
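The byte-count announcement and the standard "verify" step sketched in the post, as an added example that is not part of the original posting: it shows why an exact byte count alone is a weak check (a same-length modification passes it) while a digest and a keyed tag catch the change. The sample file, the release key, the header names (Byte-Count, Digest, Key) and the use of HMAC as a stand-in for the public-key signature the post envisions are all assumptions of this example.

```python
import hashlib
import hmac

# Constructed sample standing in for a posted compressed tar file.
ORIGINAL = b"#!/bin/sh\n# release stub (constructed sample)\necho hello\n"
# Same byte count, different content: a length check alone cannot tell them apart.
MODIFIED = ORIGINAL.replace(b"echo hello", b"echo HELLO")


def announce(data: bytes, release_key: bytes) -> str:
    """Build the headers an author would publish alongside a release.

    Byte-Count is the post's first idea; Digest is a SHA-256 of the file;
    Key is an HMAC under a key only the author holds, used here as a
    stand-in (assumption) for the public-key signature the post envisions.
    """
    digest = hashlib.sha256(data).hexdigest()
    tag = hmac.new(release_key, data, hashlib.sha256).hexdigest()
    return f"Byte-Count: {len(data)}\nDigest: {digest}\nKey: {tag}\n"


def parse_headers(text: str) -> dict:
    """Parse 'Name: value' lines into a dict (hypothetical header format)."""
    headers = {}
    for line in text.splitlines():
        name, _, value = line.partition(":")
        if name and value:
            headers[name.strip()] = value.strip()
    return headers


def verify(data: bytes, header_text: str, release_key: bytes) -> list:
    """Return the names of the checks that fail (empty list means all passed)."""
    h = parse_headers(header_text)
    failed = []
    if h.get("Byte-Count") != str(len(data)):
        failed.append("Byte-Count")
    if h.get("Digest") != hashlib.sha256(data).hexdigest():
        failed.append("Digest")
    expected = hmac.new(release_key, data, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking timing information about the tag.
    if not hmac.compare_digest(h.get("Key", ""), expected):
        failed.append("Key")
    return failed


if __name__ == "__main__":
    KEY = b"constructed-release-key"
    headers = announce(ORIGINAL, KEY)
    print(headers)
    print("original:", verify(ORIGINAL, headers, KEY))  # []
    print("modified:", verify(MODIFIED, headers, KEY))  # ['Digest', 'Key']
```

Note that a modified file whose announcement was recomputed without the release key still fails the Key check, which is the property the post's "public encryption checksum" is after.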