[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]

Re: :zz: Security risks US?

To: zzdev@xxxxxxxxxx
Subject: Re: :zz: Security risks US?
From: Ted Nelson <ted@xxxxxxxxxx>
Date: Fri, 09 Oct 1998 18:11:36 +0900
Cc: ted@xxxxxxxxxxxxxx
In-reply-to: <19981009034248.F450@xxxxxxxxxxxxxxxxx>
References: <3.0.3.32.19981008203108.00a565e0@xxxxxxxxxxxxxxxxxxx> <19981006144516.A2222@xxxxxxxxxxxxxx> <19981002215120.A18396@xxxxxxxxxxxxxx> <19981002215120.A18396@xxxxxxxxxxxxxx> <19981002142730.G3343@xxxxxxxxxxxxxxxxx> <3.0.3.32.19981005190704.00885470@xxxxxxxxxxxxxxxxxxx> <19981006144516.A2222@xxxxxxxxxxxxxx> <19981008170623.Q602@xxxxxxxxxxxxxxxxx> <3.0.3.32.19981008203108.00a565e0@xxxxxxxxxxxxxxxxxxx>
Reply-to: zzdev@xxxxxxxxxx

So the security risks are not to the central computer network,
 but to the people running the program-- as with Word bugs?

ChrzT


At 03:42 AM 10/9/98 +1000, you wrote:
>On Thu, Oct 08, 1998 at 08:31:08PM +0900, Ted Nelson wrote:
>> WOOPS!  Gee, Andrew,
>> 
>> I didn't realize we were a security risk.  I thought we were
>>  always running in user spaces which had limited privileges.
>>  And that while a master copy resides in system space somewhere,
>>  it just got copied into user space prior to execution.
>
>Yes, exactly.
>
>> You mean a Perl program could break out of a user's
>>  low-privileged space ?-(
>
>Not normally.  That's not what I meant at all.  However, remember that
>Zigzag files downloaded from the net are not necessarily written by the
>same user who is viewing them, and therefore could contain malicious code
>(trojans) in the cells written by a different user in order to have them
>hopefully executed by the users downloading the Zigzag files!
>
>For example, I could write and distribute a Zigzag file containing a cell
>which when executed not only performs a "chug", but also emails me the
>Netscape bookmark file (and other personal files) of the user running it.
>
>Cheers,
>	*** Xanni ***
>-- 
>mailto:xanni@xxxxxxxxxx                         Andrew Pam
>http://www.xanadu.com.au/                       Technical VP, Xanadu
>http://www.glasswings.com.au/                   Technical Editor, Glass Wings
>http://www.sericyb.com.au/sc/                   Manager, Serious Cybernetics
>P.O. Box 26, East Melbourne VIC 8002 Australia  Phone +61 3 96511511
>
>
____________________________________________________
Theodor Holm Nelson, Visiting Professor of Environmental Information
 Keio University, Shonan Fujisawa Campus, Fujisawa, Japan
 Home Fax from USA: 011-81-466-46-7368  (If in Japan, 0466-46-7368)
Professorial home page http://www.sfc.keio.ac.jp/~ted/ 
_____________________________________________________
Permanent: Project Xanadu, 3020 Bridgeway #295, Sausalito CA 94965
 Tel. 415/ 331-4422, fax 415/332-0136  
http://www.xanadu.net
PERMANENT E-MAIL: ted@xxxxxxxxxx
_____________________________________________________
Quotation of the day, 98.10.09:
"The most amazing thing is that on a small planet that circles a
medium-sized star, a species has developed that can ask these enormous
questions."  Rocky Kolb (Associated Press, 98.10)

Follow-Ups:
- Re: [zzdev] Re: :zz: Security risks US?
  - From: Andrew Pam

References:
- :zz: Security risk? US? MOI??
  - From: Ted Nelson
- Re: [zzdev] Re: [zzdev] File extension: fly in ointment
  - From: Gossamer
- File extension?
  - From: Gossamer
- Re: [zzdev] File extension?
  - From: Andrew Pam
- Re: [zzdev] File extension: fly in ointment
  - From: Ted Nelson
- Re: [zzdev] Re: [zzdev] Re: [zzdev] File extension: fly in ointment
  - From: Andrew Pam
- Re: :zz: Security risk? US? MOI??
  - From: Andrew Pam

Prev by Date: Re: [zzdev] :zz: THE NUMBER ONE PRIORITY
Next by Date: Re: [zzdev] :zz: ^R?
Previous by thread: Re: :zz: Security risk? US? MOI??
Next by thread: Re: [zzdev] Re: :zz: Security risks US?
Index(es):