[1802] in bugtraq
password backdoors (on Apollo)
daemon@ATHENA.MIT.EDU (Leonard N. Zubkoff)
Fri May 12 06:43:57 1995
Date: Fri, 12 May 1995 01:58:52 -0700
From: "Leonard N. Zubkoff" <lnz@dandelion.com>
To: mattm@alaska.net
Cc: Dan_Thorson@notes.seagate.com, root@sentinet.demon.co.uk, bugtraq@fc.net
In-Reply-To: "Matt T. Mannhardt"'s message of Thu, 11 May 1995 14:18:22 -0800 (AKDT) <Pine.SOL.3.91.950511140232.28508E-100000@calvino>
Date: Thu, 11 May 1995 14:18:22 -0800 (AKDT)
From: "Matt T. Mannhardt" <mattm@alaska.net>
...
But forget the root password and, you better have a set of distribution tapes
and node with a tape-drive and 20 minutes to kill while it booted off of
tape. (remember, physical access = control). But that was all in a prior
life and previous job. don't remember a thing about it now. ;-)
Actually, I believe up until one of the later SR10 releases, there were ways to
acquire "locksmith" privileges without root or physical access, if you knew the
right details about the operating system internals. I wrote such a program
once long ago, though of course it required its own password so as to avoid
misuse should someone else find it.
Leonard
