[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
breaking security and becoming a priv user
It seems that most people compromised security by inserting various
backdoors or sneaking passwords and so-on. How many of us accomplished
the feat by finding an actual hole in the system?
My 'claim to fame' was that I discovered the batch processor was running
user-submitted batch jobs as 'batch', which happened to be account
[1,2]. This was on a weekend, and I remember Bob Mader being present
when I noticed this and we decided to see if we could do priv. things
through batch job. I think we ran ACCOUNT to get a listing of passwords
or something. LOL!
Bob, didn't we have an argument over whether or not we should tell
Boas about the hole? :) At the time I wasn't particularly interested
in pursuing priveleges, just learning about hacking code. I just
considered it 'interesting' that batch jobs ran as a priv. user and
was just going to tell Boas about it -- which I did the following
Monday. I think Bob was kinda pissed at me for a while because I so
readily gave away the key to the 'back door' :).