[1793] in bugtraq
Re: password backdoors
daemon@ATHENA.MIT.EDU (Tim Scanlon)
Thu May 11 19:26:40 1995
From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Thu, 11 May 95 18:06:16 -0400
To: Larry Kealey <kealeyl@phibro.com>
Cc: bugtraq@fc.net
Reply-To: tfs@vampire.science.gmu.edu
|I have also heard that the hardware password (and all the other ROM settings) |will get wiped if you remove the battery for a while, but I haven't tried |it.(Haven't had the need... :>)
|Does anyone know?
Yes, this is correct. The way I was taught to do it to pull the battery, wait
30 seconds, pop the battery in backwards for 5 seconds, and then wait another
minute & reinstall it normaly. I don't know wether that's 'spec' for absolute
certain, but it does work, and has no ill effects that I've seen.
Also, on NeXT's, if the /etc/netinfo directory is set with read permissions
for other (the default), you can go in and look at the netinfo database as
it is set up in the files. it's not "plain text" but isn't unparseable
either. Obviously, if you're smart you reset these perms in a multi-user
environment to make the stuff unreadable by g & o. In a situation where
you've lost the root password or whatever, you obviously have console
access, so there's no problem with them only having root permissions.
-tfs
________________________________________________________________
tfs@vampire.science.gmu.edu (NeXTmail, MIME) Tim Scanlon
George Mason University (PGP key avail.) Public Affairs
I speak for myself, but often claim demonic possession
