breaking security and becoming a priv user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

breaking security and becoming a priv user

To: deltoids@mcws.net
Subject: breaking security and becoming a priv user
From: Rich Thomson <rthomson@ptc.com>
Date: Thu, 30 Apr 1998 12:16:24 -0600
Organization: Design Software Group, Parametric Technology Corporation
Reply-To: deltoids@mcws.net
Sender: owner-deltoids@mcws.net

It seems that most people compromised security by inserting various
backdoors or sneaking passwords and so-on.  How many of us accomplished
the feat by finding an actual hole in the system?

My 'claim to fame' was that I discovered the batch processor was running
user-submitted batch jobs as 'batch', which happened to be account
[1,2].  This was on a weekend, and I remember Bob Mader being present
when I noticed this and we decided to see if we could do priv. things
through batch job.  I think we ran ACCOUNT to get a listing of passwords
or something. LOL!

Bob, didn't we have an argument over whether or not we should tell
Boas about the hole?  :)  At the time I wasn't particularly interested
in pursuing priveleges, just learning about hacking code.  I just
considered it 'interesting' that batch jobs ran as a priv. user and
was just going to tell Boas about it -- which I did the following
Monday.  I think Bob was kinda pissed at me for a while because I so
readily gave away the key to the 'back door' :).
--
					    Rich Thomson
					    rthomson@ptc.com

Follow-Ups:
- RE: Claim to faim
  - From: Ron Dozier <dozier@udel.edu>

Prev by Date: Re: TECO (was: As I remember things)
Next by Date: Re: As I remember things
Prev by thread: Re: As I remember things
Next by thread: RE: Claim to faim
Index(es):
- Date
- Thread