<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.2M.j">
<TITLE>The Linux Gazette 44: The Answer Guy</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="./../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Guy</font>
<img src="./../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By James T. Dennis,
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
LinuxCare,
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
</H4>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<H3>Contents:</H3>
<p><a href="#tag/greeting"
><img src="./../gx/dennis/bbub.gif" alt="(!)" border="0"
align="middle"><strong>Greetings From Jim Dennis</strong></A></p>
<DL>
<!-- index_text begins -->
<dt><A HREF="tag/1.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Linux and Windows 95 --or--
<dd><A HREF="tag/1.html"
><strong>Running Win '95 Apps under Linux</strong></a>
<dt><A HREF="tag/4.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>PPP disconnect --or--
<dd><A HREF="tag/4.html"
><strong>PPP + minicom Disconnects</strong></a>
<br>WvDial Success
<dt><A HREF="tag/7.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Linux Partition conflicting with Win98 --or--
<dd><A HREF="tag/7.html"
><strong>Makes Windows Explorer Choke</strong></a>
<br>More complex than that, really.
<dt><A HREF="tag/9.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>
ftpaccess and the Incoming Conundrum
</strong></a>
<dt><A HREF="tag/11.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>IP forwarding and Linux</strong></a>
<dd>Turning it off.
<dt><A HREF="tag/12.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>IP forward --or--
<dd><A HREF="tag/12.html"
><strong>TCP/IP Port Relaying</strong></a>
<dt><A HREF="tag/14.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>This month's "paltry" offerings --or--
<dd><A HREF="tag/14.html"
><strong>Typos</strong></a>
<dt><A HREF="tag/17.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>can't help it --or--
<dd><A HREF="tag/17.html"
><strong>
Spellcheck Award!
</strong></a>
<dt><A HREF="tag/18.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>ppp &amp; voicemail</strong></a>
<dt><A HREF="tag/19.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>Unsupported Floppy Formats: 'dd' Maybe</strong></a>
<dt><A HREF="tag/20.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>minicom --or--
<dd><A HREF="tag/20.html"
><strong>
Minicom Calling a Procomm Host
</strong></a>
<dt><A HREF="tag/21.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>AHA 2940 SCSI timeout errors --or--
<dd><A HREF="tag/21.html"
><strong>
was: Plug and Pray SCAM
</strong></a>
<dt><A HREF="tag/21.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>AHA 2940 SCSI timeout errors --or--
<dd><A HREF="tag/21.html"
><strong>
More on: SCSI Resets Due to Command Timeouts
</strong></a>
<dt><A HREF="tag/21.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>AHA 2940 SCSI timeout errors --or--
<dd><A HREF="tag/21.html"
><strong>
SCSI Resets Due to Command Timeouts
</strong></a>
<dt><A HREF="tag/24.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Desqview/Linux --or--
<dd><A HREF="tag/24.html"
><strong>
Assembly Language Programming for an old DESQview User
</strong></a>
<dt><A HREF="tag/25.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>DESQView 386 --or--
<dd><A HREF="tag/25.html"
><strong>
DESQview/386 Die Hards into the Next Millennia
</strong></a>
<dt><A HREF="tag/26.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>cdr's --or--
<dd><A HREF="tag/26.html"
><strong>CDR Media: Silver and Gold and Blue, Oh my!</strong></a>
<dt><A HREF="tag/28.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>get to know --or--
<dd><A HREF="tag/28.html"
><strong>Downloading a copy of Linux</strong></a>
<dt><A HREF="tag/29.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>quick swap Q --or--
<dd><A HREF="tag/29.html"
><strong>
And from Radioland....
</strong></a>
<dt><A HREF="tag/30.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>video timings needed --or--
<dd><A HREF="tag/30.html"
><strong>
Video Timings: Configuration Curse
</strong></a>
<dt><A HREF="tag/31.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Help ! --or--
<dd><A HREF="tag/31.html"
><strong>
Accessing Private Net Addresses from the Public Internet
</strong></a>
<dt><A HREF="tag/32.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>Linux gazette article, July 1999</strong></a>
<dt><A HREF="tag/33.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Dao --or--
<dd><A HREF="tag/33.html"
><strong>
Helpless
</strong></a>
<dt><A HREF="tag/34.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>linux memory --or--
<dd><A HREF="tag/34.html"
><strong>
Free Memory vs. Buffers
</strong></a>
<dt><A HREF="tag/35.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>Copying boot partition</strong></a>
<dt><A HREF="tag/36.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>I am a beginning Linux user, PLEASE Help! --or--
<dd><A HREF="tag/36.html"
><strong>
SiS 6326 and XFree86
</strong></a>
<dt><A HREF="tag/37.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>ide-cd module --or--
<dd><A HREF="tag/37.html"
><strong>
Reading CD Discs on an IDE CDR Drive
</strong></a>
<dt><A HREF="tag/38.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a> LILO problem.. again --or--
<dd><A HREF="tag/38.html"
><strong>Persistent LILO: Won't Start! Won't Go Away!</strong></a>
<dt><A HREF="tag/39.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Question --or--
<dd><A HREF="tag/39.html"
><strong>
The Lost Art of Helper Apps
</strong></a>
<dt><A HREF="tag/40.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>finding Changelogs --or--
<dd><A HREF="tag/40.html"
><strong>
Kernel Patches and Change Logs
</strong></a>
<dt><A HREF="tag/41.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>Installing Win NT 4.0 Workstation and Dual booting Win NT 4.0 Workstation and Win 95 B</strong></a>
<dt><A HREF="tag/42.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>pc-mos --or--
<dd><A HREF="tag/42.html"
><strong>
5 1/4" Floppies: Truly Dead
</strong></a>
<dt><A HREF="tag/43.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Hdd track 0 bad. --or--
<dd><A HREF="tag/43.html"
><strong>
How to Use a Disk with a Bad Track 0
</strong></a>
<dt><A HREF="tag/44.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
><strong>Benchmarks</strong></a>
<dt><A HREF="tag/45.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>DosLinux --or--
<dd><A HREF="tag/45.html"
><strong>
What part of "Win Modem" Didn't you Understand?
</strong></a>
<dt><A HREF="tag/46.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>128M Ram question --or--
<dd><A HREF="tag/46.html"
><strong>
Seeing only 13M of RAM
</strong></a>
<dt><A HREF="tag/47.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>A Fair price for CD duplication --or--
<dd><A HREF="tag/47.html"
><strong>
CD Duplication Services: Spam?
</strong></a>
<dt><A HREF="tag/48.html"
><img src="./../gx/dennis/qbub.gif" height="28" width="50"
alt="(?)" border="0"
></a>Proxy server --or--
<dd><A HREF="tag/48.html"
><strong>
Proxy Program?
</strong></a>
<!-- index_text ends -->
</DL>
<!-- .~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~.~~. -->
<A NAME="tag/greeting"><HR WIDTH="75%" ALIGN="center"></A>
<H3 align="left"><img src="./../gx/dennis/bbubble.gif"
height="50" width="60" alt="(!) " border="0"
>Greetings from Jim Dennis</H3>
<!-- begin greeting -->
<p>
Well, the book is done at last. It's off to the publishers and
beyond our control. Naturally M and I are already thinking
about things to improve for the second edition.
</p>
<p>
Meanwhile in "Answer Guy" land I was a bit surprised by the
reaction to my comment on Bernie's "parenting" from last month. I
expected a few flames, and maybe one or two notes of agreement.
Naturally I hesitated to even respond to the question at all.
</p>
<p>
I figured someone would toss the old "what do you know about being
a parent?" bomb at me. Of course, I don't know anything about
"being a parent;" not first hand, so far. However, that's not the
reaction I got. I had several people drop me notes and come to me
in person to say how much they agreed with me. At least one was a
grandparent.
</p>
<p>
However, I did neglect to add one thing to my flame. Normally when
I "flame" someone (in my column or in e-mail/netnews) I also answer
their question. In this case the answer to Bernie's question came
within a couple of weeks after I wrote my response to him.
</p>
<blockquote><dl>
<dt>Back Orifice 2000.
<dd><a href="http://www.bo2k.com/"
>http://www.bo2k.com/</a>
</dl></blockquote>
<p>
This package, a freeware (and open source) product of the cDc (Cult
of the Dead Cow) offers just the features that Bernie was looking
for. Using it you can perform keystroke logging, take screen shots
of your victim's work (or play), redirect their TCP/IP traffic so
that it all goes through your system, play with their filesystem
(almost undetectably) and (of course) surreptitiously install any
other software you like.
</p>
<p>
The BO2K server runs on NT, Win '95 and Win '98 (and on the most
recent betas of Win 2000, from what I hear). There are clients for
Win32 (of course), and command line clients for Linux and other
forms of UNIX. Since BO2K is open source it can probably be ported
to as many other UNIX-like operating systems as you like.
</p>
<p>
It might be interesting to see what happens when some programmers
start combining features of BO2K with VNC (Virtual Network
Computing), a package which provides GUI remote access to Win32
and MacOS platforms. VNC clients are available for Linux, Win32,
and Java (among others).
</p>
<p>
Both VNC and BO2K are released under the GPL, so they should be
license compatible. We don't run into the sort of problem one
would face when trying to mix BSD and GPL code (for example).
</p>
<p>
Of course BO2K was released <em>after</em> my message to Bernie. However
it is an upgrade (a complete re-write, from what I've read) to the
original BO. BO was released last August. The fact is that I
didn't know much about BO. I'd heard about it, of course.
However, I don't administer any Windows systems and I have no
interest in using trojan horses. So I simply filed it away as
evidence of vulnerabilities in "that legacy operating system from
Redmond."
</p>
<p>
UNIX and Linux are riddled with vulnerabilities. We find new
buffer overflows and race conditions every week. Most are simple
programming errors that are fixed as quickly as they are found.
Occasionally we find exploitable flaws in the kernel (like the LDT,
local descriptor table, bug that Linus found a couple of years
ago). Those are also fixed quickly.
</p>
<p>
This suggests that the design of UNIX is relatively sound with
respect to security, since the bugs are at an implementation level.
They are easily fixed.
</p>
<p>
It also suggests that the design is limited. It is very difficult
to write "secure" code for Linux and UNIX. In particular it seems
that the standard C libraries are a poor base for writing robust
applications code. The most straightforward ways to accomplish
many operations in C through the standard libraries (<tt>scanf()</tt>,
<tt>printf()</tt>, <tt>system()</tt>, <tt>popen()</tt>) are simply
inappropriate for working with untrusted data or being run in any
security context other than that of the user who is executing it.
In other words, SUID and SGID programs, and daemons should eschew
many of the standard library functions. The programming expertise
required to distinguish between the "safe" practices and those that are
exploitable provides us with a severe limitation to the security of
our systems.
</p>
<p>
I asked a programmer and design engineer (the major force behind
the design of the Corel Netwinder) about the sorts of bugs that are
exploited by BO2K to gain full control of NT and W2K systems.
Basically I asked if the released version of W2K could fix these
holes to prevent BO2K from being used as a trojan. He said that
the nature of these bugs is far too pervasive to be fixed by
Microsoft in the remaining time before their final release. The
APIs used by BO2K are apparently also used by many other products
and parts of the OS.
</p>
<p>
I'm not a programmer. However, that does sound like a design level
problem. It suggests that no amount of implementation effort will
"fix" the problem. This is consistent with other things I've heard
and read about NT since before version 3.0 (the first release).
</p>
<p>
So, I'm glad I invested the time to learn UNIX and Linux rather
than spending the time in the rat's wheel to learn the guts of NT.
The important things that I learn about Linux are applicable to
other forms of UNIX, and will be around for as long as these
operating systems exist. The few things I learn about NT and
other MS operating systems are going to be obsolete within one
or two future releases of the system.
</p>
<p>
The whole issue of BO2K as a "trojan horse" is interesting.
Naturally Microsoft would like everyone to focus on the "hacker"
(cracker, actually) image of the cDc. They characterize BO2K as
purely malicious. The cDc makes this easy with their irreverent
attitude and provocative "marketing." I personally don't like
the name of the group or their product. However, it would be
shooting the messenger to discount the value of the package based
solely on their name.
</p>
<p>
BO2K is just a tool. It has no ethics. It has legitimate uses.
It can be put to unethical uses. The exploitable flaws that allow
it to be used perniciously should be fixed.
</p>
<p>
A Melissa or WinExplorer.zip style delivery of a BO2K derived
trojan is a major security risk for all organizations that rely on
Win32 based systems (NT, '9x, and W2K).
</p>
<p>
We can be thankful to the cDc that they chose to publish these, so
that everyone including Microsoft has a chance to address the real
problem --- and we can only wonder how long these bugs have been
secretly exploited by more clandestine groups and individuals.
</p>
<p>
In last month's blurb I talked about the Linux reaction to an
"offensive" messenger (Mindcraft). My point was that the Linux and
Apache developers didn't ignore the message while discrediting the
messenger. We'll see if Microsoft can learn from that example.
</p>
<p>
Meanwhile, Bernie, if you're reading this, feel free to
use BO2K. I'll let you wrestle with your own conscience and come
to your own conclusions about the ethical implications and
practical repercussions of *how* you use it.
</p>
<p>
In the past I've occasionally tried to honor a "tech of the
month." Unfortunately I haven't had the time to maintain that as a
tradition. This month, for variety, I'll point to a "link of the
month:"
</p>
<blockquote><dl>
<dt>Linux Games - Even Penguins Like To Have Fun
<dd><a href="http://www.linuxgames.com/"
>http://www.linuxgames.com/</a>
</dl></blockquote>
<p>
Meanwhile, if you haven't had enough of my writing for one month,
look to the <a href="http://www.linuxcare.com/">Linuxcare Inc. web site</a>
in coming weeks. I may be writing to a more "corporate" audience there
on a regular basis.
</p>
<!-- end greeting -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 1999, James T. Dennis
<BR>Published in <I>The Linux Gazette</I> Issue 44 August 1999</H5>
<H6 ALIGN="center">HTML transformation by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<P> <hr> <P>
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<A HREF="index.html"
><IMG SRC="./../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
<A HREF="/index.html"
><IMG SRC="./../gx/homenew.gif" ALT="[ Front Page ]"></A>
<A HREF="./lg_bytes44.html"
><IMG SRC="./../gx/back2.gif" ALT="[ Previous Section ]"></A>
<A HREF="./lg_tips44.html"
><IMG SRC="./../gx/fwd.gif" ALT="[ Next Section ]"></A>
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->