dtynan@sultra.UUCP (Der Tynan) (09/27/88)
OK, some more stray ramblings... First, I began applying the 1.3a/b diffs
this weekend, and after many, many hours, am still hacking away - the
problems are mostly missing files, and reapplying any personal changes.
I'll produce a report if anyone is interested.
The main reason I'm posting this, is I was thinking today, about the
possibility of a new newsgroup called 'comp.sources.minix', so that we
could separate the comments (like this one) from the "real stuff". I have a
hard time going through the archives looking at subject fields, and not
knowing if they are notes of problems or actual code changes. At this stage,
I thought I'd open the topic for discussion. If it has been opened before,
then excuse the repetition. As far as usage is concerned, the group would
have a lot more activity than some of the other subgroups I see there (no names
mentioned!).
As far as the fix/diff and patch/cdiff argument is concerned, personally I
prefer cdiff's, because when you're dealing with sources that have been
modified locally, it's hard to apply diffs. At the same time, it occurs to
me that it is in the realm of possibility to produce a cdiff file from a
diff file, if the vanilla sources are available. This might be the best
solution, as it satisfies all requirements. Any comments???
The last thing I have to say is directed at Dr. Tanenbaum; I was leafing
through the MINIX reference manual last night when I noticed a comment about
becoming super-user, without the password. Anyway, when I first got MINIX,
I only ordered the disks, I have a plethora of OS books, and wasn't in a
hurry to extend the collection. The disks arrived in a cute plastic box, with
a terse comment about finding you on USENET. I figured out how to start the
system sans documentation, and everything was fine until the RAM disk loaded,
then I was presented with "login:". Ok, so I've been around distribution tapes
long enough, I typed 'root'. I figured the password field would be blank!
Boy, was I wrong. I was prompted for a password, and tried ALL the obvious
with no luck! Now what! I mean, in a situation like this, what does one do?
Order the manual and wait another six weeks? No. I loaded the root filesystem
disk into MS-DOS, and using the debugger, wrote a quick program to load each
track. Then, i dumped out the data, looking for something resembling a
/etc/passwd file. I found it, patched the first byte of the password to ':',
meaning that there is no password set, wrote the block back out to disk, and
rebooted. Hey presto! I didn't ask me for a password. One of the first
tasks I had, as root, was to change the password. It wasn't until I found the
reference manual locally, that I found out what the original password was!!!
I guess that qualifies me for a rijksdaalder (whatever that is)!!
- Der
--
Reply: dtynan@sultra.UUCP (Der Tynan @ Tynan Computers)
{mips,pyramid}!sultra!dtynan
Cast a cold eye on life, on death. Horseman, pass by... [WBY]jds@mimsy.UUCP (James da Silva) (09/28/88)
In article <2545@sultra.UUCP> dtynan@sultra.UUCP (Der Tynan) writes: > >The main reason I'm posting this, is I was thinking today, about the >possibility of a new newsgroup called 'comp.sources.minix', so that we >could separate the comments (like this one) from the "real stuff". I have a >hard time going through the archives looking at subject fields, and not >knowing if they are notes of problems or actual code changes. At this stage, >I thought I'd open the topic for discussion. If it has been opened before, >then excuse the repetition. As far as usage is concerned, the group would >have a lot more activity than some of the other subgroups I see there (no >names mentioned!). This has been brought up before, but not resolved. It may be that a moderated source group could make life easier for people searching for things, but who would moderate the group? And there are lots of postings that contain tips or small patches along with other stuff. These are as valuable as the large source postings, and should be archived as well. The real problem, in my opinion, is that the archives, including my archive, index the articles by subject line. The subject lines don't always tell you enough about the article. When I edit the archive for a month, I try to group related articles together, rather than putting them in cronological order, but even that is not enough. There's no easy solution, as the Archive maintainers are already doing a lot, they can't be expected to become Editors as well. Perhaps the best thing we can hope for is for people to be careful to write a descriptive subject line when they are posting source, a bug report, or something of lasting value. >I figured out how to start the system sans documentation, and everything >was fine until the RAM disk loaded, then I was presented with "login:". >Ok, so I've been around distribution tapes long enough, I typed 'root'. I >figured the password field would be blank! Boy, was I wrong. I was >prompted for a password, and tried ALL the obvious with no luck! Now what! >I mean, in a situation like this, what does one do? Order the manual and >wait another six weeks? No. I loaded the root filesystem disk into >MS-DOS, and using the debugger, wrote a quick program to load each track. >Then, i dumped out the data, looking for something resembling a /etc/passwd >file. I found it, patched the first byte of the password to ':', meaning >that there is no password set, wrote the block back out to disk, and >rebooted. Hey presto! I didn't ask me for a password. One of the first >tasks I had, as root, was to change the password. It wasn't until I found >the reference manual locally, that I found out what the original password >was!!! I admire your persistence. There's an easier way to do it: Minix has login in /usr/bin. If init can't find /usr/bin/login, it gives you a root shell. So, when Minix tells you to put the /usr disk in, ignore it and just hit RETURN. Boom, root shell. So everyone, put away your debug disks! For those who prefer the front door, the root password is 'Geheim' on the distribution disks. >I guess that qualifies me for a rijksdaalder (whatever that is)!! Well.... I think we both cheated. No operating system can really protect against someone using a debugger/monitor to hack the distribution disks or tapes then loading them. This isn't really a hole in the OS security. Also, I wonder what 'real' unix init does if it can't find getty or other crucial files at boot time? In general, if a knowledgeable user has access to the physical machine, she can break in sooner or later. - Jaime ---------------------------------------------------------------------- usenet: uunet!mimsy!jds James da Silva internet: jds@mimsy.umd.edu "Stand on each other's shoulders, not on each other's toes."
ast@cs.vu.nl (Andy Tanenbaum) (09/28/88)
In article <2545@sultra.UUCP> dtynan@sultra.UUCP (Der Tynan) writes: >The last thing I have to say is directed at Dr. Tanenbaum In general, when you have a message for a small number of people, it is considered polite to use mail, not news. Since the request came via news I might as well answer that way. >I only ordered the disks, I have a plethora of OS books, and wasn't in a >hurry to extend the collection. Unfortunately, the manual is included in the book and one is expected to read it. We could have bound the software and book together (and in fact P-H now has such a package), but we thought it more flexible to make them available separately. [Discussion of physical security] In general, I sort of regard "physical methods" such as using external computers, xray machines, magnets, operator torture, bribing secretaries, breaking into my office in the dead of night, and such like as bordering on cheating, but I'll keep my word. You get a rijksdaalder, which is a Dutch coin currently retailing for about 47 Belgian Franks. Andy Tanenbaum (ast@cs.vu.nl)
greyham@ausonics.OZ (Greyham Stoney) (09/29/88)
in article <2545@sultra.UUCP>, dtynan@sultra.UUCP (Der Tynan) says: > [stuff about his difficulty with the root password....] > I guess that qualifies me for a rijksdaalder (whatever that is)!! ^^^^^^^^^^^^^^^^ - well, yeah! yeah, it is a bit of a stumper when you hit it first time; but how about this: (it works under 1.1, I don't know about 1.2, 1.3a/b/c/....) upon booting, when it says to mount the root filesystem disk in the drive, just shove something else (say, /usr since it's probably in your hand) in the drive. And what do you know? root shell! so, spose that rijksdaalder should be in the mail any day now.... :-) Greyham -- # Greyham Stoney: (disclaimer not necessary: I'm obviously irresponsible) # greyham@ausonics.oz - Ausonics Pty Ltd, Lane Cove. | greyham@utscsd.oz - # ^^^^^^^ (Official Sponsor of this message.) | Uni of Technology, Syd. # [.signature changed to celebrate NEW LOGNAME!! ] | (what can I say...)