banana@igc.ethz.ch (eat more bananas) (03/11/91)
Under version 7 unix (the old days on a pdp11/23)...
We had fsdb (file system debugger), don't know what has
happened to it these days.
Obviously we couldn't attack other peoples accounts, but we did
have access to the raw disk device.
Now, fsdb would let you follow an inode through to a disk
block number and interpret that number as part of a file, inode and so on.
So, start at the superblock and work your way down to someone's home
account.
Next, find the protection bits on his/her home directory and let yourself in.
Next, copy over the program you have compiled in your own account and
edit the .profile so it is executed on start up (we only had the bourne
shell in those days).
This program did the following
puts( "Hi, so you want to use the pdp 11?")
no worries, but first you have to guess a number
between 1 and 10 000 000.
Then you gets() the string and puts
("Close, but not close enough. Try again")
Then
("Gee, that was almost right. You should get it next go")
Finally, "Sorry I have you log you out"
and you kill of the process id you got with getppid.
Of course the mark 2 version of this program trapped
keyboard interrupts and said ("Ouch, don't do that").
This was good fun until they got back at me, but
that's another story....