Programs operating in a shared environment inappropriately
trust the information supplied to them by untrustworthy programs. Examples
include forged data from Domain Name Servers on the Internet used to reroute
information through attackers, forged replies from authentication daemons
causing untrusted software to be run by access control software, forged
Network Information Service packets causing wrong password entries to be
used in authenticating attackers, and network-based administration programs
that can be fooled into forwarding incorrect administrative controls.

Complexity: In general, analyzing this problem would seem to require
analyzing all of the interdependencies of programs. In today's networked
environment, this would appear to be infeasible, but no detailed analysis
has been published to date.
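
For the forged Domain Name Server data named among the examples above, the following is an added example, not part of the original entry, of the checks a client can apply before trusting a reply. The function names, the server address 192.0.2.53 and the name mail.example.com are assumptions constructed for illustration.

```python
import struct

def build_message(txid, flags, name, qtype=1):
    """Encode a DNS header plus one question (constructed test traffic)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_question(msg):
    """Return (txid, flags, qname, qtype, qclass); raise ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!3H", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return txid, flags, ".".join(labels), qtype, qclass

def accept_reply(query, reply, reply_src, server):
    """Decide whether reply may be treated as the answer to query."""
    if reply_src != server:
        return False, "reply did not come from the queried server address/port"
    try:
        q_id, _, q_name, q_type, q_class = parse_question(query)
        r_id, r_flags, r_name, r_type, r_class = parse_question(reply)
    except ValueError as exc:
        return False, f"malformed message: {exc}"
    if not r_flags & 0x8000:
        return False, "QR bit clear: not a response"
    if r_id != q_id:
        return False, "transaction ID mismatch"
    if (r_name, r_type, r_class) != (q_name, q_type, q_class):
        return False, "question section does not match the query"
    return True, "ok"

# Constructed sample traffic (documentation address and name).
SERVER = ("192.0.2.53", 53)
QUERY = build_message(0x1A2B, 0x0100, "mail.example.com")
```

These checks only reject replies that fail to match the outstanding query. They do not authenticate the data itself, so a reply that passes is still unverified input from another program.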
fc@red.a.net