[1815] in bugtraq
Re: password backdoors (on Apollo)
daemon@ATHENA.MIT.EDU (Paul Szabo)
Mon May 15 00:59:50 1995
Date: Mon, 15 May 95 12:28:54 +1000
From: szabo_p@maths.su.oz.au (Paul Szabo)
To: bugtraq@fc.net

Tom Brock <root@badgers.demon.co.uk> writes:
> > I am sure your HP engineer was just boasting, I am sure there are no
> > 'password backdoors' in Domain/OS.
> I'm not so sure. I heard a similar tale from an Apollo (pre-HP days) engineer.

Maybe he was referring to the habit of Apollo engineers carrying their own
cartridge tapes with a setuid root shell on them?

We seem to be straying away from the original topic of (password) backdoors,
i.e. intentional (mis)features. Now we seem to be discussing implementation
and design bugs.

Herb Peyerl <hpeyerl@beer.org> writes:
> In the past I've done things like put it into service mode ...
> set a breakpoint in one of the rgy_$ global functions ...
> However, when you're monkeying around at that level, there ain't a
> heck of a lot that's going to keep you out of a system.

Yes, all computers I can think of are 'breakable' with that sort of physical
access. Apollos can be broken into without mucking about with the hardware:
with Herb's method via the MD debugger, or creating a setuid root shell with
RWVOL. On some other computers you need to play with the hardware e.g.
remove the CMOS battery; though most seem to give you a single-user root
shell if they fail fsck, which does not even require specialized knowledge.

Leonard N. Zubkoff <lnz@dandelion.com> writes:
> Actually, I believe up until one of the later SR10 releases, there were ways to
> acquire "locksmith" privileges without root or physical access, if you knew the
> right details about the operating system internals. I wrote such a program
> once long ago, though of course it required its own password so as to avoid
> misuse should someone else find it.

Do you mean 'bless.c'? That bug was fixed at SR10.2; though there were ways
to exploit it without any programming or OS knowledge. (Is this why Apollo
was taken over? The engineers got tired from carrying those cartridge tapes,
instead of the knowledge of a couple of keystrokes...)

(I do know that this is supposed to be a full disclosure list. Sorry.)

Paul Szabo - System Manager // School of Mathematics and Statistics
szabo_p@maths.su.oz.au // University of Sydney, NSW 2006, Australia