[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

breaking security and becoming a priv user

It seems that most people compromised security by inserting various
backdoors or sneaking passwords and so-on.  How many of us accomplished
the feat by finding an actual hole in the system?

My 'claim to fame' was that I discovered the batch processor was running
user-submitted batch jobs as 'batch', which happened to be account
[1,2].  This was on a weekend, and I remember Bob Mader being present
when I noticed this and we decided to see if we could do priv. things
through batch job.  I think we ran ACCOUNT to get a listing of passwords
or something. LOL!

Bob, didn't we have an argument over whether or not we should tell
Boas about the hole?  :)  At the time I wasn't particularly interested
in pursuing priveleges, just learning about hacking code.  I just
considered it 'interesting' that batch jobs ran as a priv. user and
was just going to tell Boas about it -- which I did the following
Monday.  I think Bob was kinda pissed at me for a while because I so
readily gave away the key to the 'back door' :).
					    Rich Thomson