Slaying Gould dragon with a wooden horse

#Bill.Stewart wcs at ho95e.UUCP
Thu Oct 30 08:57:10 AEST 1986


In article <694 at ulowell.UUCP> page at ulowell.UUCP (Bob Page) writes:
>dpw at unisec.UUCP (Darryl Wagoner) wrote in article <161 at unisec.UUCP>:
>> ... Is using a trojan horse a legit way to break into a system?
>
>Any method that does the job can be considered effective.  Who cares
>about being legitimate?  Would you pooh-pooh a system cracker that
>just destroyed your passwd file because she didn't use a 'legitimate'
>method?

What Darryl did was perfectly legit.  An alternative way to do it would be to
send mail to root saying "My %s doesn't work when I'm in my home directory; can
you take a look at it, and see if I goofed on something?"  Obviously this has
some limitations in a "break my trade-show system" environment, but it's the
equivalent you'd use in real life.

Some alternatives are "I got a new version of rogue! want to try it?" if you
have a dumb system administrator.  An equally legitimate approach, useful at
tradeshows, is to see what kind of terminal the administrator has.  Most CRTs
have a block=transfer mode that can be exploited by a letter-bomb.  Even  if
they get rid of setuid and give root a useful path, they probably didn't
bomb-proof mail.
-- 
# Bill Stewart, AT&T Bell Labs 2G-202, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs



More information about the Comp.unix.wizards mailing list