|
|
|
Modern Operating Systems by Herbert Bos and Andrew S. Tanenb...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf
Showing 689 out of 1137
Modern Operating Systems by Herbert Bos and Andrew...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Modern Operating Systems by Herbert...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Page 689
658
SECURITY
CHAP. 9
from the premises without warning, the next day (or next week) the logic bomb
does not get fed its daily password, so it goes off. Many variants on this theme are
also possible.
In one famous case, the logic bomb checked the payroll.
If the per-
sonnel number of the programmer did not appear in it for two consecutive payroll
periods, it went off (Spafford et al., 1989).
Going off might involve clearing the disk, erasing files at random, carefully
making hard-to-detect changes to key programs, or encrypting essential files. In
the latter case, the company has a tough choice about whether to call the police
(which may or may not result in a conviction many months later but certainly does
not restore the missing files) or to give in to the blackmail and rehire the ex-pro-
grammer as a ‘‘consultant’’ for an astronomical sum to fix the problem (and hope
that he does not plant new logic bombs while doing so).
There have been recorded cases in which a virus planted a logic bomb on the
computers it infected. Generally, these were programmed to go off all at once at
some date and time in the future. However, since the programmer has no idea in
advance of which computers will be hit, logic bombs cannot be used for job pro-
tection or blackmail. Often they are set to go off on a date that has some political
significance. Sometimes these are called
time bombs
.
9.8.2 Back Doors
Another security hole caused by an insider is the
back door
.
This problem is
created by code inserted into the system by a system programmer to bypass some
normal check. For example, a programmer could add code to the login program to
allow anyone to log in using the login name ‘‘zzzzz’’ no matter what was in the
password file. The normal code in the login program might look something like
Fig. 9-26(a).
The back door would be the change to Fig. 9-26(b).
while (TRUE) {
while (TRUE) {
printf("login: ");
printf("login: ");
get
string(name);
get
string(name);
disable
echoing( );
disable
echoing( );
printf("password: ");
printf("password: ");
get
string(password);
get
string(password);
enable
echoing( );
enable
echoing( );
v = check
validity(name, password);
v = check
validity(name, password);
if (v) break;
if (v || strcmp(name, "zzzzz") == 0) break;
}
}
execute
shell(name);
execute
shell(name);
(a)
(b)
Figure 9-26.
(a) Normal code. (b) Code with a back door inserted.
What the call to
strcmp
does is check if the login name is ‘‘zzzzz’’. If so, the
login succeeds, no matter what password is typed.
If this back-door code were
Ace your assessments! Get Better Grades
Browse thousands of Study Materials & Solutions from your Favorite Schools
Concordia University
Concordia_University
School:
Operating_Systems
Course:
Great resource for chem class. Had all the past labs and assignments
Leland P.
Santa Clara University
Introducing Study Plan
Using AI Tools to Help you understand and remember your course concepts better and faster than any other resource.
Find the best videos to learn every concept in that course from Youtube and Tiktok without searching.
Save All Relavent Videos & Materials and access anytime and anywhere
Prepare Smart and Guarantee better grades
Know more
Students also viewed documents
lab 18.docx
lab_18.docx
Course
Course
3
Module5QuizSTA2023.d...
Module5QuizSTA2023.docx.docx
Course
Course
10
Week 7 Test Math302....
Week_7_Test_Math302.docx.docx
Course
Course
30
Chapter 1 Assigment ...
Chapter_1_Assigment_Questions.docx.docx
Course
Course
5
Week 4 tests.docx.do...
Week_4_tests.docx.docx
Course
Course
23
Week 6 tests.docx.do...
Week_6_tests.docx.docx
Course
Course
106
