GENERAL WARNING
Ken Sallenger
ken at opusc.csd.scarolina.edu
Tue Oct 2 05:29:20 AEST 1990
In article <1990Sep29.004107.17548 at metro.ucc.su.OZ.AU>
glenn at suphys.physics.su.OZ.AU (Glenn Geers) writes:
=>
=> What about vendors deliberately putting trap-doors in their distributed
=> binaries?
We have a rather advanced, esoteric parallel machine on campus. When it
was first installed, a group of 6 programmers and systems types, along
with a couple of faculty researchers, were the primary users for the
first few months.
It only took about 6 weeks for one of us (yes, I confess, it was I) to
type "xyzzy" to the command interpreter prompt, just to see what would
happen...
The system halted, and the user who typed it was thrown into the
diagnostic ROM monitor.
I should point out that the account from which the magic cookie was issued
had every privilege that an account could have. One almost didn't need
to use the root account with all those priv's.
The trapdoor was put there by the primary developer of the system (a
high-powered hardware engineer who also happened at the time to be CEO
of the company :-) and well, they never had gotten around to taking it
out.
The Customer Service type to whom I reported it couldn't believe what I
was telling her at first. And she couldn't imagine why anyone would
type "xyzzy" to a shell prompt in the first place! I guess she hadn't
hung out with too many software hackers.
Come to think of it, I don't know whether they ever _did_ get around to
taking that out...
--
Ken Sallenger / ken at bigbird.csd.scarolina.edu / +1 803 777-9334
Computer Services Division / 1244 Blossom ST / Columbia, SC 29208
More information about the Alt.sources
mailing list