Path: utzoo!attcan!uunet!mcsun!ukc!strath-cs!expya!msor!rt
From: rt@msor.UUCP (Raymond Thompson)
Newsgroups: comp.unix.wizards
Subject: Re: Old rlogin bug
Message-ID: <698@msor0.UUCP>
Date: 26 Jul 90 14:17:48 GMT
References: <23959@adm.BRL.MIL>
Reply-To: rt@msor0.UUCP (Raymond Thompson)
Organization: MSOR Department, Exeter University, UK
Lines: 12

In article <23959@adm.BRL.MIL> bull@itd.nrl.navy.mil writes:
>We at the Naval Research Laboratory are investigating security flaws in
>software. Our goal is to collect examples of actual flaws...
> ... It seems that in some unix systems it
>was possible for a user to gain superuser access to the system by giving
>the command "rlogin host-name -l ''".

This happened to me soon after we installed a new SUN system and was caused
by a typing error in the passwd file. The line

	+::0:0:::

forcing a look at NIS (ne YP) was typed in with the leading '+' missing.

Hey presto, a null System Manager
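
A check for the typo described above, as an added example that is not part of the original post: it scans passwd-format text for entries with an empty login name, an empty password field, or uid 0 under a name other than root. The function name `audit_passwd`, the finding strings and the sample lines are constructed for illustration.

```python
"""Audit passwd-format text for the typo described in the post (added example)."""

# Constructed sample, not taken from a real system. Line 3 is the post's
# NIS entry with its leading '+' lost; line 4 is the intact form.
SAMPLE = """\
root:x:0:0:System Manager:/:/bin/sh
daemon:*:1:1::/:
::0:0:::
+::0:0:::
guest::100:100:Guest:/home/guest:/bin/sh
toor:x:0:0::/root:/bin/sh
broken:x:12
"""


def audit_passwd(text):
    """Return (line_number, finding) tuples for risky or malformed entries."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line[0] in "+-":
            # NIS include/exclude marker, not a local account: skipped here.
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "malformed: expected 7 fields"))
            continue
        name, passwd, uid = fields[0], fields[1], fields[2]
        if name == "":
            # With the '+' missing, the entry becomes an account with no name.
            findings.append((n, "empty login name"))
        if passwd == "":
            findings.append((n, "empty password field"))
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((n, "uid 0 on a non-root entry"))
    return findings


if __name__ == "__main__":
    for n, finding in audit_passwd(SAMPLE):
        print(f"line {n}: {finding}")
```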