cmiller@sunspot.UUCP (Charlie Miller) (07/26/88)
Earlier I posted an article on the subject of passwords and system security that referenced an article in Communications of the ACM. The ACM issue date was in error; the article was in the May 1988 issue. This is very good reading on the subject of security: "Stalking the Wily Hacker".

This guy had broken into the MILNET computer network. The systems were then baited with files of fictitious text about SDI etc... The intruder used common account names like root, guest, system or field. He also tried default or common passwords and sometimes found valid account names by using who and finger on currently logged-in accounts. The article goes on to say that although these methods were primitive, he gained access on about 5 percent of the machines attempted and sometimes actually gained system manager privileges as well.

He also exploited a bug in the Gnu-Emacs editor: using the built-in mail system, allowing users to forward a file to another user, Emacs uses the UNIX set user ID root feature. He used this program to put a shell script (to execute at root level) into the systems area that when executed would grant him system privileges.

Good reading!

=======================================================================
-Charlie Miller                          Believe it if you need it...
USPS Mail: National Solar Observatory, Sunspot, NM 88349
Phone: (505)434-1390, FTS: 571-0238
UUCP: {arizona,decvax,hao,ihnp4}!noao!sunspot!cmiller
=======================================================================
andy@cayuga.Stanford.EDU (Andy Freeman) (07/29/88)
In article <660@sunspot.UUCP> cmiller@noao.UUCP (Charlie Miller) writes:
> He also exploited a bug in the Gnu-Emacs editor: using the
> built in mail system, allowing users to forward a file to another
> user, Emacs uses the UNIX set user ID root feature. He used this
> program to put a shell script (to execute a root level) into the
> systems area that when executed would grant him system privileges.

The GNU Emacs installation instructions explicitly warn against making those parts setuid root; they don't need root privs to work properly. Software that is incorrectly installed often allows security failures, but the installer, not the software, is to blame.

-andy
UUCP:  {arpa gateways, decwrl, uunet, rutgers}!polya.stanford.edu!andy
ARPA:  andy@polya.stanford.edu
(415) 329-1718/723-3088 home/cubicle
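The misinstallation Andy describes, a helper installed setuid root that does not need the privilege, is something an administrator can audit for mechanically. The script below is an added example, not code from this thread or from the Emacs project; it walks an installed tree (an Emacs install prefix, for instance) and reports setuid executables that are not on a site allow list. It assumes a POSIX shell with find(1), ls(1) and awk(1); the allow-list path is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not code from the 1988 thread or from GNU Emacs.
# Audits an installed software tree for executables carrying the setuid bit,
# the misconfiguration discussed above: helpers made setuid root unnecessarily.
# Assumes POSIX sh with find(1), ls(1) and awk(1). Paths containing whitespace
# are not handled by the simple word-split loop below.

# Constructed placeholder: a site lists here the few helpers it has approved.
ALLOWED_SETUID="/usr/local/bin/approved-helper-placeholder"

# list_setuid DIR: print every regular file under DIR whose setuid bit is set.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# is_allowed PATH: succeed only if PATH appears in ALLOWED_SETUID.
is_allowed() {
    for allowed in $ALLOWED_SETUID; do
        [ "$allowed" = "$1" ] && return 0
    done
    return 1
}

# audit_setuid DIR: print one "UNEXPECTED <owner> <path>" line per setuid file
# that is not on the allow list. Returns 0 when the tree is clean, 1 otherwise.
# An unexpected setuid file owned by root is the case that hands out full
# privilege if the program can be made to run arbitrary commands.
audit_setuid() {
    status=0
    for f in $(list_setuid "$1"); do
        if ! is_allowed "$f"; then
            owner=$(ls -ld "$f" | awk '{print $3}')
            printf 'UNEXPECTED %s %s\n' "$owner" "$f"
            status=1
        fi
    done
    return $status
}

# Stand-alone use: audit the tree named on the command line.
if [ -n "$1" ]; then
    audit_setuid "$1"
fi
```

Running it as a periodic job against each install prefix turns the installation-instruction warning into a check that catches the mistake after the fact.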