rab@well.sf.ca.us (Bob Bickford) (10/22/90)
In article <748@public.BTR.COM> techie@public.BTR.COM (Bob Vaughan) writes: > >A friend of mine posed an interesting trivia question. > >What was the system manager password for the Burroughs 6700 >at the Universty Of The Pacific in 1977? > >This password was included in a utility program that the TA's used >for job control (they weren't allowed to have the system manager >password, so the program had a line that allowed the utility to >run as the system manager) > >Please reply by email. > >Thanks in advance > I'm the friend. Here, I'll make this even easier: 1) The TA's utility was written in the Burroughs - specific variant of the ALGOL language called "DCALGOL"; it used the construct REPLACE MYSELF.USERCODE BY "XXXXXXX/YYYYY." to change its permissions to the system manager's. The TA's were very interested in the DCALGOL language; I distinctly recall being in the computer center with them late one night as they waited breathlessly for the compiler to come online so they could try out an MCP-modifying program that they'd written. It worked, as I recall, which was rather scary. (Yes, MCP means Master Control Program, as in the movie TRON. No, I don't know if they were thinking of the Burroughs machines when they wrote the movie.) 2) The name of the utility was "LOOKING-GOOD". When I obtained that usercode/password combination, one of the things I did was to print out a source-code listing of same, which I still have. (I was then invited to the Dean's office for a morning chat.... ah, the trials and irresponsibilities of youth.) I realize now, looking at it, that it's *horribly* bad code, but in 1977 I didn't know any better. 3) I was at UOP from September of 1976 through January of 1978; the password being queried about was in use in the Spring of 1977. They changed it, obviously, after my little adventure..... 4) I obtained this totally by accident; I was curious as to how the TA's utility worked, and printed out the object code. Before I arrived at UOP, that was illegel and would crash the system every time; I didn't know that and had crashed the system twice earlier in the year by printing the wrong file. So they "fixed" it; what you got was a page full of question-marks, with any quoted strings from the source code appearing in cleartext form. So when I printed out the object to LOOKING-GOOD, there were lots of strings lying around in it, including one that said XXXXXXX/YYYYY. which I immediately recognized as an ALGOL usercode/password string. So I tried it...... and was immediately caught (but not before I'd made a printout of the program, as mentioned above). When they explained to me what the ramifications of having that knowledge were, I got real scared. BTW, the LOOKING-GOOD object file had the security attributes "CLASSA-OUT" which meant that *anybody* could read it and print it out as I had done. I pointed that fact out to them...... and the Dean had a few hard words with the computer center manager. His name was Jerry (no, that won't help you guess the password) but he was later replaced by a friend whom I had introduced to the B6700 that year named Ed. Ed helped me late one night to print out a voluminous system logging file that also turned out to have lots of sensitive security info in it; we left one copy of the printout on Jerry's desk the next morning (Ed took the other, I don't think he ever did anything with it) along with instructions that *any* user could use to print the same thing out with. We were playful and harmless; I gather that a year or so later some guys came along that tried to repeat my stunt but with malign intent: they were caught, and prosecuted. I'm revealing all this now because I've finally stopped using that password as my own on any system, and because it makes a rather interesting challenge as a trivia question. A harmless one, too. -- Robert Bickford {apple,pacbell,hplabs,ucbvax}!well!rab rab@well.sf.ca.us "A Hacker is any person who derives joy from discovering ways to circumvent limitations."