The computing environment upon which programs or people depend
for proper operation is corrupted so as to cause those other programs to
operate incorrectly. Examples include manipulating the Unix FS environment
variable so as to cause command interpretation to operate unusually,
altering the PATH (or similar) variable in multi-user systems to cause
unintended programs to be used, and manipulation of a paper form so as to
change its function without alerting the person filling it out. In the
physical domain, this includes the introduction of gases, dust, or other
particles, chemicals, or elements into the physical environment. In the
electromagnetic realm, it includes waveforms. In the human sense, sound,
smell, feel, and other sensory input corruption is included.
Complexity: In most computing environments, there are only a relatively
small number of ways that environment variables get set or used. This
limits the search for such vulnerabilities substantially, however, the ways
in which environmental variables might be used by programs in general is
unlimited. Thus the theoretical complexity of identifying all such problems
would likely be at least NP-complete. This would seem to give computational
leverage to the attacker.
fc@red.a.net