a thought about UNIX login security

trt at rti.UUCP trt at rti.UUCP
Thu Jun 23 01:09:40 AEST 1983


Too bad UNIX does not have an 'External Security' password option.
I think it is very effective at stopping randoms.
It could accept either the current or the previous password
so changing the external password does not require a flag day.
(Maybe all that is in system V?)

Once a user is logged onto a typical UNIX system,
there is little to keep him from becoming super-user.
It may take some imagination, or some time
(like waiting for a super-user to run your
graciously provided 'find-security-holes' program),
but a good Bad Guy will eventually win.

	Restricted Shells, an Anecdote
One day Ken Thompson and Bob Morris were challenged
to break a supposedly secure UNIX.  They were given
a login and password.  They were put into a restricted shell.
I mean restricted!  It would not exec(II) anything.
Not 'who', not 'pwd', not even 'date'.
It did not allow '>' or '>>' or some other things.
That rsh was so secure it was unusable.  BUT!!!
	while read x
	do
		$x
	done < /dev/passwd
printed out:
	root:PGqwGalLnSc0Q:0:3:God:/:: cannot execute (restricted)
	joe::0:3:Joe Nice:/usr/joe:: cannot execute (restricted)
	...
So they logged in as joe and got a normal shell.
Then they started in earnest.  Elapsed time to super-user--20 minutes.

The moral of the story:  Make sure the people
who can log onto your system are people you can trust.
If you cannot trust them, well,
Gary Fostel had good suggestions about detecting and fixing break-ins
but you are definitely in trouble.
	Tom Truscott



More information about the Comp.unix.wizards mailing list