Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!think.com!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!mcsun!tuvie!vmars!hp
From: hp@vmars.tuwien.ac.at (Peter Holzer)
Newsgroups: comp.os.minix
Subject: Re: MINIX Security
Message-ID: <2385@tuvie.UUCP>
Date: 21 Mar 91 16:02:09 GMT
References: <48053@nigel.ee.udel.edu>
Sender: news@tuvie.UUCP
Lines: 39

ECO861771@ecostat.aau.dk writes:


>Just one very simple way to do it would be to take a disk editor, find the
>passwd file, and then change the password of root to nothing. This is very
>easy as long as the minix file system is not read/write protected on the
>host on which it resides. (Or encrypted).

Hmm. All the /dev/hd* entries are mode 0600 at my system. Oh,
you mean I should boot with DOS and then use Disk Repair or
Norton Utilities. Now that is really a problem. But you could
disable booting from disk by changing the BIOS (a friend of mine
did this. Of course he kept the original BIOS for emergencies :-)

On Minix, however the easiest way to become root (if you don't
have the original root disk with the `secret' password) is to
decrypt the passwords (Yes that can be done and a program that
does this has been posted some time ago).

>I guess this even works on big real life UNIX machines. Just take your
>Macintosh to the lab, disconnect the SCSI drive with the root file system
>and connect it to your mac. Then use a disc editor to make changes.

Ok, lets try it. I go to the lab, switch off the computer, take a
screwdriver to open it, three people come in: ``Why can't we
read news anymore? --- WHAT ARE YOU DOING WITH THAT
COMPUTER???''. I'll try it on a weekend next time :-)

But if you can switch off the computer for a few minutes without
being noticed there is a much easier way to get root privileges:
Some (many ?) workstations allow you to choose between single-
and multi-user mode soon after rebooting without asking for a
password! If you enter single-user mode you have root privileges
and can install all trojan horses you want.
--
|    _  | Peter J. Holzer                       | Think of it   |
| |_|_) | Technical University Vienna           | as evolution  |
| | |   | Dept. for Real-Time Systems           | in action!    |
| __/   | hp@vmars.tuwien.ac.at                 |     Tony Rand |