[5206] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Backdoor Paper

daemon@ATHENA.MIT.EDU (Nicolas Dubee)
Wed Aug 27 10:46:56 1997

Date: 	Sun, 27 Jul 1997 14:34:42 +0200
Reply-To: dube0866@EUROBRETAGNE.FR
From: Nicolas Dubee <dube0866@EUROBRETAGNE.FR>
X-To:         cklaus@iss.net
To: BUGTRAQ@NETSPACE.ORG

hello,

you may want to add this "feature" that can act as a backdoor:

when specifying a wrong uid/gid in the /etc/password file,
most login(1) implementations will fail to detect the wrong
uid/gid and atoi(3) will set uid/gid to 0, giving superuser
privileges.

example:
rmartin:x:x50:50:R. Martin:/home/rmartin:/bin/tcsh
on Linux boxes, this will give uid 0 to user rmartin.

-plaguez
dube0866@eurobretagne.fr

>
>Date:         Sat, 16 Aug 1997 19:07:58 -0400
>From: Christopher Klaus <cklaus@ISS.NET>
>Subject:      Backdoor Paper
>
>Here's a paper I wrote on backdoors.  Feedback welcome.
>
>
>Backdoors
>
>By Christopher Klaus 8/4/97
>
>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[5206] in bugtraq

Re: Backdoor Paper

daemon@ATHENA.MIT.EDU (Nicolas Dubee)Wed Aug 27 10:46:56 1997

daemon@ATHENA.MIT.EDU (Nicolas Dubee)
Wed Aug 27 10:46:56 1997