Re: Basic Flaws in Internet Security and Commerce
At 21:33 1995.10.10 -0700, Patrick Horgan wrote:
Paul said:
A fine piece of work. The ideas expressed in this paper should scare the hell out of everyone who uses NFS for any serious applications, which for a fact includes most banks and all investment banks and brokerage houses. In this particular area I KNOW what is at risk. Again, I congratulate the authors on a first-class effort.
I agree, it's a good job of publicizing these holes, but (not to take anything away from these guys, I'm sure they know this), these are not newly found holes. These attacks on NFS have been known and exploited for years and are well known within the security community.
To repeat a comment I made in sci.crypt... the described hole applies equally well to a program (virus or other) that sits on a workstation and intercepts calls to OS file services. This is particularly pernicious on platforms like PCs, but are there any platforms that don't have this potential flaw?

The main question, in my mind, is: How can a user know he is even running the app he thinks he's running? Once you have an attacker who can intercept OS file system calls, it seems to me you can know -nothing-... checksums are no use, signatures are no use, nothing is any use at that point -- including keeping your authent software on a floppy, write-protected or not, since it can simply be patched as it's read in, or the system may just execute a different program altogether. In fact, if it's properly done, there may not be any way to even detect that the system has in fact been subverted.

So: If you can't trust your path to your own file system, what can you trust? (And this is without even talking about things like firmware upgrades and BIOS patches and all sorts of other potential approaches.) Can we do no better than simply assume the local workstation file system can be trusted?

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102        voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2   fax   (905) 847-6019
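An added illustration of Herb's point, not code from the thread: a toy model in which the file layer can answer a verification read and an execution read differently. The checksum check passes through the subverted layer, and only a measurement of what was actually loaded, compared against a reference kept outside that layer, shows the substitution. All file contents and paths are constructed sample values.

```python
import hashlib

# Constructed sample program images; the "reference" digest stands in for a
# value recorded out of band (e.g. on a separate, trusted machine).
GENUINE = b"print('genuine auth client')"
TAMPERED = b"print('tampered auth client')"
REFERENCE_DIGEST = hashlib.sha256(GENUINE).hexdigest()


class FileSystem:
    """Honest file layer: every reader gets the same bytes."""

    def __init__(self, files):
        self.files = dict(files)

    def read(self, path, purpose):
        return self.files[path]


class SubvertedFileSystem(FileSystem):
    """Models the interceptor Herb describes: it can tell a read made to
    verify a file from a read made to load it, and answers each differently."""

    def read(self, path, purpose):
        data = super().read(path, purpose)
        if purpose == "execute" and path == "/auth/client":
            return TAMPERED  # patched "as it's read in"
        return data


def verify_then_run(fs, path):
    """The naive check: hash the file through the same layer that will later
    load it. Returns (check_passed, bytes_actually_loaded)."""
    digest = hashlib.sha256(fs.read(path, "verify")).hexdigest()
    if digest != REFERENCE_DIGEST:
        return False, None
    return True, fs.read(path, "execute")


def loaded_image_matches_reference(loaded):
    """Measuring the loaded bytes against the out-of-band reference exposes
    the swap. In Herb's model this measuring code is itself read through the
    subverted layer, which is why both the measurer and the reference have to
    live outside it for the result to mean anything."""
    return hashlib.sha256(loaded).hexdigest() == REFERENCE_DIGEST
```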