[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]

Re: :zz: Security risk? US? MOI??



On Thu, Oct 08, 1998 at 08:31:08PM +0900, Ted Nelson wrote:
> WOOPS!  Gee, Andrew,
> 
> I didn't realize we were a security risk.  I thought we were
>  always running in user spaces which had limited privileges.
>  And that while a master copy resides in system space somewhere,
>  it just got copied into user space prior to execution.

Yes, exactly.

> You mean a Perl program could break out of a user's
>  low-privileged space ?-(

Not normally.  That's not what I meant at all.  However, remember that
Zigzag files downloaded from the net are not necessarily written by the
same user who is viewing them, and therefore could contain malicious code
(trojans) in the cells written by a different user in order to have them
hopefully executed by the users downloading the Zigzag files!

For example, I could write and distribute a Zigzag file containing a cell
which when executed not only performs a "chug", but also emails me the
Netscape bookmark file (and other personal files) of the user running it.

Cheers,
	*** Xanni ***
-- 
mailto:xanni@xxxxxxxxxx                         Andrew Pam
http://www.xanadu.com.au/                       Technical VP, Xanadu
http://www.glasswings.com.au/                   Technical Editor, Glass Wings
http://www.sericyb.com.au/sc/                   Manager, Serious Cybernetics
P.O. Box 26, East Melbourne VIC 8002 Australia  Phone +61 3 96511511