Adecvax.168
net.unix-wizards,net.general
utcsrgv!utzoo!decvax!aps
Thu Mar  4 19:14:56 1982
Security at UCB, UNIX
I hate to be the one to put this onto the net because I don't
want to take credit for finding the info out but Shannon had
to pick up Pizza with his wife and he (Bill, that is) is the
person who told me.  (He found out from ..., well a reliable
source.  Source, I didn't know if you wanted to be known.)

Some students discovered this feature in a terminal and
went to Dr. Lynn to see if they could try this out.

What if there was this guy logged in as root on this HP
terminal and there were these other people also logged in elsewhere
who knew that this guy Root was logged in on this HP
terminal.  Well this Root guy's terminal would be writable.
(Root has mesg y so he can get important requests via
write and the like.)  Well, these other people would just send
to Root's terminal the proper escape sequence to enable
the terminal to loop back all things it receives.  So,
behold.  They could then send "commands" to Root's terminal
and the terminal would loop it back to (where else but) the
system.  The system would execute these commands just as if they
were coming from Root's terminal and they really would!
And, that's it; a way to execute superuser commands without
being super user (A.K.A. A whole.)

(This is the big break in security that Donn Parker was waiting
for?  I have read a few of his articles and a book.  He's ok.)
Not too much to worry about, unless you let your root lay around
on HP (or other with loop back "features") terminals!

All I can say is that I am happier than a pig in X$&% that the
problem was not with the VAX!

       Armando Stettner
       DEC UNIX Engineering Group.

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.