Path: utzoo!attcan!uunet!brunix!cgy
From: cgy@cs.brown.edu (Curtis Yarvin)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Keywords: security
Message-ID: <52347@brunix.UUCP>
Date: 6 Oct 90 17:03:49 GMT
References: <8685@mirsa.inria.fr> <12438:Oct223:00:3290@kramden.acf.nyu.edu> <651@puck.mrcu> <21948:Oct606:29:2890@kramden.acf.nyu.edu>
Sender: news@brunix.UUCP
Reply-To: cgy@cs.brown.edu (Curtis Yarvin)
Organization: Bogus University Department of Computer Science
Lines: 21

In article <21948:Oct606:29:2890@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <651@puck.mrcu> paj@uk.co.gec-mrc (Paul Johnson) writes:
>> A plain trojan could not make the correct response:
>> all it could collect would be the user's challenge.
>
>That's a spoof. Read the paragraph quoted above that you're responding
>to: I'm not talking about a spoof.
>
>---Dan

Forgive me if I am ignorant. But the problem here seems to be that
a trojan is possible at all.

In order to be a true trojan (not a spoof), a program must call
setreuid(2). Thus its euid must be root. A trojan can do this by
execing /bin/login, because login is setuid.

But why should login be setuid? Seems to me it only really needs to be
executed by getty, which runs as root anyway.

Flame me if I am completely confused.

-Curtis

"I tried living in the real world
Instead of a shell
But I was bored before I even began."
- The Smiths