-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Curtis Maurand
Sent: March 1, 2004 10:38 AM
To: Todd Vierling
Cc: nanog@merit.edu
Subject: Re: Possibly yet another MS mail worm
My point is that the COM/DCOM/OLE/ActiveX is what allows for a script in an email message that gets executed to have access to the rest of the system, rather than executing within a protected sandbox. Of course scripts within email messages shouldn't execute at all. Once they do execute, they have access to the OLE objects on the machine. It's a security hole big enough to drive a tank through.
And I hate to point out the obvious, but that's not what we're discussing here. If you receive a .zip attachment, save it to disk, open it up in WinZip or the integrated ZIP utility (which I might add is a feature GUI OSes made outside Redmond also share), extract the .exe in it, and open it up, ActiveX/OLE/DCOM/etc has NOTHING to do with the fact that the thing is destructive and that you were allowed to run it.

Sure, having an executable flag like on *NIX would make it a little harder, but you know what? If I send you a shell script on *NIX called run-me.sh in a tarball that does a rm -rf / if you're root, and tells you to be root if you're not, then your session will look like this:

1. Save blah.tar.gz to disk.
2. tar zxf blah.tar.gz
3. chmod 755 run-me.sh
4. ./run-me.sh
5. "Error. This script must be run as root."
6. su -
7. ./run-me.sh
8. Wave byebye to your filesystems.

The problem then isn't technological: an alternative OS, with an equally-determined (and idiotic) user as the Windows user, provides ZERO protection against this type of attack. And if you think that step 3 or 5 provided any protection against a determined user, you're wrong.

Vivien

--
Vivien M.
vivienm@dyndns.org
Assistant System Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/
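One defender-side check that follows from the two scenarios above (a .zip carrying an .exe, a tarball carrying run-me.sh): the gateway or client that hands the archive to the user can at least flag members that look executable before anyone gets to step 3. This is an added example, not code from either post; the sample archives are constructed in memory and the suffix list is an assumption.

```python
import io
import tarfile
import zipfile

# Assumed list of member suffixes a mail gateway would refuse to pass to a user.
EXECUTABLE_SUFFIXES = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".sh")


def _looks_executable(name: str, head: bytes, mode: int = 0) -> bool:
    # Flag by name suffix, PE ("MZ") or shebang ("#!") header bytes, or an execute bit.
    return name.lower().endswith(EXECUTABLE_SUFFIXES) or head in (b"MZ", b"#!") or bool(mode & 0o111)


def suspicious_members(data: bytes) -> list[str]:
    """Return names of zip or tar members that look executable (covers both the
    zip-with-.exe and the tarball-with-run-me.sh cases from the thread)."""
    found = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if _looks_executable(info.filename, zf.open(info).read(2)):
                    found.append(info.filename)
        return found
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for m in tf.getmembers():
                if m.isfile() and _looks_executable(m.name, tf.extractfile(m).read(2), m.mode):
                    found.append(m.name)
    except tarfile.ReadError:
        pass  # neither zip nor tar: nothing to inspect here
    return found


def build_sample_zip() -> bytes:
    """Constructed sample: a fake PE file next to a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"MZ" + b"\0" * 62)
        zf.writestr("readme.txt", b"nothing to see here")
    return buf.getvalue()


def build_sample_tgz() -> bytes:
    """Constructed sample: a shell script with the execute bit set, next to a note."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, body, mode in (("run-me.sh", b"#!/bin/sh\necho placeholder\n", 0o755),
                                 ("notes.txt", b"just a note\n", 0o644)):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(body), mode
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

As the post itself says, this only raises the bar: a user who wants to run the file will still find a way, so the check belongs at the gateway, where the decision is not the recipient's to override.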