Finding Passwords

Curtis Yarvin cgy at cs.brown.edu
Sun Oct 7 03:03:49 AEST 1990


In article <21948:Oct606:29:2890 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <651 at puck.mrcu> paj at uk.co.gec-mrc (Paul Johnson) writes:
>> A plain trojan could not make the correct response:
>> all it could collect would be the user's challenge.
>
>That's a spoof. Read the paragraph quoted above that you're responding
>to: I'm not talking about a spoof.
>
>---Dan

Forgive me if I am ignorant.  But the problem here seems to be that a
trojan is possible at all.  In order to be a true trojan (not a spoof),
a program must call setreuid(2).  Thus its euid must be root.  A trojan can
do this by execing /bin/login, because login is setuid.  But why should
login be setuid?  Seems to me it only really needs to be executed by
getty, which runs as root anyway.  Flame me if I am completely confused.

		-Curtis

"I tried living in the real world
 Instead of a shell
 But I was bored before I even began." - The Smiths



More information about the Comp.unix.internals mailing list