[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]
Re: :zz: Security risks US?
- To: zzdev@xxxxxxxxxx
- Subject: Re: :zz: Security risks US?
- From: Ted Nelson <ted@xxxxxxxxxx>
- Date: Fri, 09 Oct 1998 18:11:36 +0900
- Cc: ted@xxxxxxxxxxxxxx
- In-reply-to: <19981009034248.F450@xxxxxxxxxxxxxxxxx>
- References: <3.0.3.32.19981008203108.00a565e0@xxxxxxxxxxxxxxxxxxx> <19981006144516.A2222@xxxxxxxxxxxxxx> <19981002215120.A18396@xxxxxxxxxxxxxx> <19981002215120.A18396@xxxxxxxxxxxxxx> <19981002142730.G3343@xxxxxxxxxxxxxxxxx> <3.0.3.32.19981005190704.00885470@xxxxxxxxxxxxxxxxxxx> <19981006144516.A2222@xxxxxxxxxxxxxx> <19981008170623.Q602@xxxxxxxxxxxxxxxxx> <3.0.3.32.19981008203108.00a565e0@xxxxxxxxxxxxxxxxxxx>
- Reply-to: zzdev@xxxxxxxxxx
So the security risks are not to the central computer network,
but to the people running the program-- as with Word bugs?
ChrzT
At 03:42 AM 10/9/98 +1000, you wrote:
>On Thu, Oct 08, 1998 at 08:31:08PM +0900, Ted Nelson wrote:
>> WOOPS! Gee, Andrew,
>>
>> I didn't realize we were a security risk. I thought we were
>> always running in user spaces which had limited privileges.
>> And that while a master copy resides in system space somewhere,
>> it just got copied into user space prior to execution.
>
>Yes, exactly.
>
>> You mean a Perl program could break out of a user's
>> low-privileged space ?-(
>
>Not normally. That's not what I meant at all. However, remember that
>Zigzag files downloaded from the net are not necessarily written by the
>same user who is viewing them, and therefore could contain malicious code
>(trojans) in the cells written by a different user in order to have them
>hopefully executed by the users downloading the Zigzag files!
>
>For example, I could write and distribute a Zigzag file containing a cell
>which when executed not only performs a "chug", but also emails me the
>Netscape bookmark file (and other personal files) of the user running it.
>
>Cheers,
> *** Xanni ***
>--
>mailto:xanni@xxxxxxxxxx Andrew Pam
>http://www.xanadu.com.au/ Technical VP, Xanadu
>http://www.glasswings.com.au/ Technical Editor, Glass Wings
>http://www.sericyb.com.au/sc/ Manager, Serious Cybernetics
>P.O. Box 26, East Melbourne VIC 8002 Australia Phone +61 3 96511511
>
>
____________________________________________________
Theodor Holm Nelson, Visiting Professor of Environmental Information
Keio University, Shonan Fujisawa Campus, Fujisawa, Japan
Home Fax from USA: 011-81-466-46-7368 (If in Japan, 0466-46-7368)
Professorial home page http://www.sfc.keio.ac.jp/~ted/
_____________________________________________________
Permanent: Project Xanadu, 3020 Bridgeway #295, Sausalito CA 94965
Tel. 415/ 331-4422, fax 415/332-0136
http://www.xanadu.net
PERMANENT E-MAIL: ted@xxxxxxxxxx
_____________________________________________________
Quotation of the day, 98.10.09:
"The most amazing thing is that on a small planet that circles a
medium-sized star, a species has developed that can ask these enormous
questions." Rocky Kolb (Associated Press, 98.10)