Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!brunix!cgy
From: cgy@cs.brown.edu (Curtis Yarvin)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Keywords: security
Message-ID: <50845@brunix.UUCP>
Date: 24 Sep 90 02:33:24 GMT
References: <8354@helios.TAMU.EDU> <11133@galbp.LBP.HARRIS.COM>
Sender: news@brunix.UUCP
Reply-To: cgy@cs.brown.edu (Curtis Yarvin)
Organization: Brown University Department of Computer Science
Lines: 26

In article lush@EE.MsState.Edu (Edward Luke) writes:
>In article <11133@galbp.LBP.HARRIS.COM> mhw@wittsend.syntrex.com
>(Michael H. Warfield (Mike)) writes:
>>Normal system security for terminal devices
>>and honest, diligent system administrators can prevent most of this or make it
>>so difficult, it's not worth the effort.

>Unfortunately this is not true. Trojan Horses are very easy to
>implement, and they don't require super user access. All an evil
>trojan horse writer would need is access to that terminal... Log in,
>run login program that looks identical to the normal login procedure.
>This procedure would snarf up the passwd, tell the user "Sorry wrong
>password", and then exit back to the real login procedure.

You should be able to prevent this. SunOS (and thus likely BSD as well,
though I don't know) make the first login prompt " login:", and switch to
plain "login:" if an incorrect password is entered. This disables login
trojans by making them unconcealable.

Alternatively, on at least some SysV machines, you can change the first
prompt from the soft underbelly of "login:" by mucking with /etc/gettydefs
(I think /etc/gettytab on BSD is the same).

-Curtis Yarvin
cgy@cs.brown.edu

"Now you can go where people are one,
Now you can go where they get things done."
-The Dead Kennedys, "Holiday in Cambodia"
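
An added example, not part of the original post: a small audit that reads a gettydefs-style file and reports which line entries still present the stock "login:" prompt that the post calls the soft underbelly. It assumes the SysV layout of five '#'-separated fields per entry (label, initial flags, final flags, prompt, next label) with blank lines between entries and no '#' inside a prompt; the sample file content and all function names are constructed for illustration.

```python
import re

# Constructed sample in the assumed SysV gettydefs layout:
#   label# initial-flags # final-flags # login-prompt #next-label
# Entries are separated by blank lines. The last entry is deliberately broken.
SAMPLE_GETTYDEFS = """\
9600# B9600 HUPCL # B9600 SANE IXANY TAB3 HUPCL #login: #4800

4800# B4800 HUPCL # B4800 SANE IXANY TAB3 HUPCL #siteA console login: #9600

console# B9600 # B9600 SANE #Login: #console

bad# B300 # B300 SANE
"""

# Prompts treated as the unmodified default (compared case-insensitively).
STOCK_PROMPTS = {"login:"}


def parse_gettydefs(text):
    """Return (entries, malformed); each entry is a dict of label/prompt/next."""
    entries, malformed = [], []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        # An entry may be wrapped over several lines; rejoin before splitting.
        fields = " ".join(chunk.splitlines()).split("#")
        if len(fields) != 5:
            malformed.append(chunk)  # keep for manual review, do not guess
            continue
        label, _initial, _final, prompt, nxt = fields
        entries.append({"label": label.strip(), "prompt": prompt,
                        "next": nxt.strip()})
    return entries, malformed


def stock_prompt_labels(text):
    """Labels of entries whose first prompt is still the default."""
    entries, _ = parse_gettydefs(text)
    return [e["label"] for e in entries
            if e["prompt"].strip().lower() in STOCK_PROMPTS]


if __name__ == "__main__":
    entries, malformed = parse_gettydefs(SAMPLE_GETTYDEFS)
    for label in stock_prompt_labels(SAMPLE_GETTYDEFS):
        print(f"entry {label!r}: stock prompt, indistinguishable from a retry")
    for chunk in malformed:
        print(f"malformed entry, review by hand: {chunk!r}")
```
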