banana@igc.ethz.ch (eat more bananas) (03/11/91)
Under version 7 unix (the old days on a pdp11/23)... We had fsdb (file system debugger), don't know what has happened to it these days. Obviously we couldn't attack other people's accounts, but we did have access to the raw disk device. Now, fsdb would let you follow an inode through to a disk block number and interpret that number as part of a file, inode and so on.

So, start at the superblock and work your way down to someone's home account. Next, find the protection bits on his/her home directory and let yourself in. Next, copy over the program you have compiled in your own account and edit the .profile so it is executed on start up (we only had the bourne shell in those days).

This program did the following: puts( "Hi, so you want to use the pdp 11?") no worries, but first you have to guess a number between 1 and 10 000 000. Then you gets() the string and puts ("Close, but not close enough. Try again") Then ("Gee, that was almost right. You should get it next go") Finally, "Sorry I have to log you out" and you kill off the process id you got with getppid. Of course the mark 2 version of this program trapped keyboard interrupts and said ("Ouch, don't do that").

This was good fun until they got back at me, but that's another story....