Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!emory!gatech!mcnc!uvaarpa!haven!mimsy!nocusuhs!nmrdc1!minixug!uwalt!waltje
From: waltje@uwalt.nl.mugnet.org (Fred 'The Rebel' van Kempen)
Newsgroups: comp.os.minix
Subject: Re: MINIX Security
Message-ID: <9103212084@uwalt.nl.mugnet.org>
Date: 21 Mar 91 17:33:02 GMT
References: <9360@star.cs.vu.nl>
Organization: MicroWalt Corporation, for MINIX Software Development
Lines: 31

mjh@cs.vu.nl (Maarten J Huisjes) wrote:
> ECO861771@ecostat.aau.dk writes:
> 
> 
> } Just one very simple way to do it would be to take a disk editor, find the
> } passwd file, and then change the password of root to nothing. This is very
> } easy as long as the minix file system is not read/write protected on the
> } host on which it resides. (Or encrypted).
> 
> } I guess this even works on big real life UNIX machines. Just take your
> } Macintosh to the lab, disconnect the SCSI drive with the root file system
> } and connect it to your mac. Then use a disc editor to make changes.
> 
> Yep, sure works. We just did exactly that. Connect the disk to an other
> Unix system and read /dev/<disk> with a binary editor. Search for "root:"

Bull. (not the brand- the curse!)

Any system administrator who allows his users to access raw disks has
to be shot.  Also, programs like 'de(8)' SHOULD NOT be suidRoot !!!!!
In most cases, system security is a matter of a system administrator's
knowledge and mentality.

Contest:

	I offer a full crate of fresh beer for anyone who cracks
	the "minixug" system. +31 252 218 363, daytime MET.

Fred :-) :-) :-)
--
MicroWalt Corporation, for MINIX Development	waltje@uwalt.nl.mugnet.org
Tel (+31) 252 230 205, Hoefbladhof  27, 2215 DV  VOORHOUT, The Netherlands