Re: Ancient history [was Re: Public disclosure ...]

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 06/11/05

    Date: Sat, 11 Jun 2005 02:48:59 +0000 (UTC)

    Peter Grandi wrote:
    >These and many other things were well known and papers were
    >written on them. I remember reading some rather amusing papers
    >about the Air Force and MITRE ''tiger team'' and their attacks
    >on Multics and Burroughs OSes (around 1970-1975), never mind the
    >paper (probably in the IBM SJ) about control block ''modify
    >after verify'' security issues in MVT/MVS/VM. These are classic
    >works, and that they may have been forgotten says a lot about
    >the current state of the art...

    I think I'm familiar with some of that work, but I don't remember
    ever seeing any discussion, say, of the security relevance of a
    double-free bug and how to exploit it to inject malicious code.
    If this was well-known, I don't recall seeing it in any paper I've
    read from those years. Is there some other paper I'm missing?

    I don't see what "modify after verify" has to do with any of the
    attacks I mentioned. "modify after verify" sounds like a TOCTTOU
    attack -- but I didn't claim that TOCTTOU attacks were unknown 20
    years ago.

    > http://WWW.Research.IBM.com/journal/rd/255/auslander.pdf
    > http://WWW.Research.IBM.com/journal/sj/151/ibmsj1501H.pdf
    > http://portal.ACM.org/citation.cfm?id=185412
    > http://en.Wikipedia.org/wiki/Multics

    Can you explain why you included these URLs? I was expecting that
    they would be evidence that my claim was wrong -- but now that I have
    looked through them all, I think they are irrelevant to my claim about
    what was known 2 decades ago. If you think one of them refutes what
    I said, can you please post a page number or elaborate somehow?

    Analysis:

    auslander.pdf has only a highly generic discussion of
    security. No discussion of how to exploit return-into-libc, double-free,
    format-string vulnerabilities, etc.

    ibmsj1501H.pdf has a discussion of generic flaw-hypothesis
    methodology. It discusses a TOCTTOU vulnerability in channel programs,
    and a failure of complete mediation, for example. No discussion of how
    to exploit return-into-libc, double-free, format-string vulnerabilities, etc.

    id=185412 has a generic discussion of categories of security flaws,
    and mentions many examples of security holes -- but no discussion of
    how to exploit return-into-libc, double-free, format-string vulnerabilities,
    etc. (In fact, many of the Multics overruns described there are only
    described as causing crashes -- no mention is made of the possibility of
    malicious code injection. This is a failure of imagination -- one that
    is similar in spirit to the kind of failure of imagination that I claimed
    was common 20 years ago.)

    Multics has a generic overview of Multics. No discussion of specific
    flaws.

    Bottom line: I don't understand why you included those pointers, or
    what you were hoping I would infer from the presence of those references,
    though I made a good-faith effort to understand. If you think they are
    relevant to my claim, or if you think they refute my claim, I'd like to
    hear why.

    Note carefully: I didn't claim that nobody thought about security 20
    years ago. I didn't claim that no one had ever heard of a buffer overrun
    attack 20 years ago. I recognize very well that there has been seminal
    work on computer security going back over 30 years, and that some kinds of
    buffer overruns have been around at least that long. Keep in mind that I
    claimed something very specific. You might want to go back and read my
    claim. I didn't see anything in your post or in the papers you cited that
    was inconsistent with my claim.

    (I've deleted the rest of your rant about forgotten knowledge in CS,
    as it seems to be irrelevant to the very specific claim I made.)

