[1791] in bugtraq
Re: password backdoors (on Apollo)
daemon@ATHENA.MIT.EDU (Paul Szabo)
Thu May 11 18:50:44 1995
Date: Fri, 12 May 95 07:31:23 +1000
From: szabo_p@maths.su.oz.au (Paul Szabo)
To: Dan_Thorson@notes.seagate.com
Cc: bugtraq@fc.net
Dan Thorson <Dan_Thorson@notes.seagate.com> wrote:
> Sure, shut the machine, REset, then (and I can't remember the exact sequence)
> you should be able to modify the /etc/passwd file, re-start the OS, root has
> the password (or lack thereof) you set up in the previous step.
> Just another example of physical security being important.
Good try... except that Apollos do not use /etc/passwd files. (They use the
registry daemon rgyd, the /etc/passwd file being a read-only object provided
for compatibility with brain-dead UNIX utilities only.) Besides, if you had
set sensible permissions on your file system, then you should not be able to
modify anything (let alone /etc/passwd) from Apollo's "PhaseII Shell" (the
single-user mode) where you run as user.none.none.
Paul Szabo - System Manager // School of Mathematics and Statistics
szabo_p@maths.su.oz.au // University of Sydney, NSW 2006, Australia
