issuhub.com

ugh.book

(singke) #1

256 Security


The Worms Crawl In


In November 1988, an electronic parasite (a “worm”) disabled thousands

of workstations and super-minicomputers across the United States. The

worm attacked through a wide-area computer network called the Internet.

News reports placed the blame for the so-called “Internet Worm” squarely

on the shoulders of a single Cornell University graduate student, Robert T.

Morris. Releasing the worm was something between a prank and a wide-

scale experiment. A jury found him guilty of writing a computer program

that would “attack” systems on the network and “steal” passwords.

But the real criminal of the “Internet Worm” episode wasn’t Robert Morris,

but years of neglect of computer security issues by authors and vendors of

the Unix operating system. Morris’s worm attacked not by cunning, stealth,

or sleuth, but by exploiting two well-known bugs in the Unix operating

system—bugs that inherently resulted from Unix’s very design. Morris’s

program wasn’t an “Internet Worm.” After all, it left alone all Internet

machines running VMS, ITS, Apollo/Domain, TOPS-20, or Genera. It was

a strictly and purely a Unix worm.

One of the network programs, sendmail, was distributed by Sun Microsys-

tems and Digital Equipment Corporation with a special command called

DEBUG. Any person connecting to a sendmail program over the network

and issuing a DEBUG command could convince the sendmail program to

spawn a subshell.

The Morris worm also exploited a bug in the finger program. By sending

bogus information to the finger server, fingerd, it forced the computer to

execute a series of commands that eventually created a subshell. If the fin-

ger server had been unable to spawn subshells, the Morris worm would

have crashed the Finger program, but it would not have created a security-

breaking subshell.

Date: Tue, 15 Nov 88 13:30 EST

From: Richard Mlynarik <[email protected]>

To: UNIX-HATERS

Subject: The Chernobyl of operating systems

[I bet more ‘valuable research time’ is being ‘lost’ by the randoms

flaming about the sendmail worm than was ‘lost’ due to worm-inva-

sion. All those computer science ‘researchers’ do in any case is write

increasingly sophisticated screen-savers or read netnews.]

Date: 11 Nov 88 15:27 GMT+0100
Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2024. All rights reserved.