From: Kris Kennaway <kris@obsecurity.org>
To: "Peter C. Lai"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Date: Fri, 1 Jun 2001 14:19:16 -0700
Message-ID: <20010601141916.A88206@xor.obsecurity.org>
In-Reply-To: <00cc01c0eaa2$30bd7ca0$8caa6389@resnet.uconn.edu>
References: <200105312300.f4VN0RD24448@cwsys.cwsent.com> <20010601013041.A32818@area51.dk> <3B16D9C8.2F6CE52E@ursine.com> <00cc01c0eaa2$30bd7ca0$8caa6389@resnet.uconn.edu>

On Fri, Jun 01, 2001 at 09:53:08AM -0400, Peter C. Lai wrote:
> Usually on untrusted systems (such as a public terminal), I ssh via
> MindTerm's Java ssh client, which is stored on the system that I access. It
> only uses SSH1 (because they haven't written an SSH2 client yet). The Java
> applet version I'm using is unsigned, and therefore should run in its own
> sandbox with respect to the Java runtime that I am using.
> Barring a trojaned Java runtime that records all keystrokes, how else is
> using a trusted client stored on a trusted machine from an untrusted
> terminal dangerous?

So many ways... another process running as you can monitor/intercept/modify
the operation of the JVM because there's no protection against doing that
under UNIX (the protection only exists between different processes running
as different users); the kernel, or another process, can record keystrokes
(I don't know if MindTerm is a text-based client or GUI, but it doesn't
matter); the client can be trojaned without your knowledge (how did you KNOW
it's "trusted"?), etc.

You should just accept the fact that it's not possible to run trusted
software in an untrusted environment, and if the system wants to compromise
your software badly enough they can.

There have been some interesting mathematical steps in this direction
(involving computing of a certain class of functions which are "encrypted"
but in an isomorphic form, where the desired computation commutes with the
operation of encryption so the untrusted system can perform the computation
without knowing what it's doing) -- but nothing remotely usable.

Kris
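The "computation commutes with encryption" idea Kris mentions at the end is what is now called homomorphic encryption. The following is an added illustration, not part of the thread and not anything Kris or Peter posted: a toy Paillier cryptosystem in Python (textbook construction, with small constructed primes 7919 and 7927 chosen only so the numbers stay readable). The untrusted host in `untrusted_sum` only ever multiplies ciphertexts modulo n^2; the key holder decrypts the result and gets the sum of the plaintexts, so the host computed something it could not read. Function names and the sample values are the example's own.

```python
"""Toy Paillier: an additively homomorphic scheme.

E(a) * E(b) mod n^2 decrypts to a + b mod n, and E(a)^k decrypts to k*a,
so an untrusted party can add and scale values it cannot see.
Key sizes here are deliberately tiny; this is an illustration of the
algebraic property, not a usable cryptosystem.
"""
import math
import secrets


def _is_prime(n: int) -> bool:
    """Trial division; fine for the toy primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def keygen(p: int, q: int):
    """Return (public, private) Paillier keys for primes p and q."""
    assert _is_prime(p) and _is_prime(q) and p != q
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                           # standard choice of g
    # mu = (L(g^lam mod n^2))^-1 mod n, with L(u) = (u - 1) // n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(priv, pub, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Ciphertext for (m1 + m2): multiply ciphertexts modulo n^2."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c: int, k: int) -> int:
    """Ciphertext for (k * m): raise the ciphertext to the k-th power."""
    n, _ = pub
    return pow(c, k, n * n)


def untrusted_sum(pub, ciphertexts) -> int:
    """What the untrusted host runs: it folds ciphertexts with the public
    key only and never learns any plaintext."""
    acc = encrypt(pub, 0)
    for c in ciphertexts:
        acc = add_encrypted(pub, acc, c)
    return acc


def demo():
    """Constructed inputs: the key holder encrypts 12, 30 and 7, the
    untrusted host adds them (and triples the first), the key holder
    decrypts the results."""
    pub, priv = keygen(7919, 7927)
    values = [12, 30, 7]
    cts = [encrypt(pub, v) for v in values]
    total = decrypt(priv, pub, untrusted_sum(pub, cts))          # 49
    tripled = decrypt(priv, pub, scale_encrypted(pub, cts[0], 3))  # 36
    return total, tripled


if __name__ == "__main__":
    print(demo())
```

Note that encryption is randomised (each call picks a fresh r), so two ciphertexts of the same value differ and the host cannot even tell when two inputs are equal; the price, as Kris notes for the schemes of his day, is that only a restricted class of operations (here: addition and scaling by a known constant) commutes with the encryption.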