Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!hellgate.utah.edu!fcom.cc.utah.edu!cc.utah.edu!cc.usu.edu!slsw2
Newsgroups: comp.sys.dec.micro
Subject: Re: P/OS security? (or how to break into a P/OS system)
Message-ID: <1991Apr22.154959.47516@cc.usu.edu>
From: slsw2@cc.usu.edu
Date: 22 Apr 91 15:49:59 MDT
References: <1991Apr12.170355.6406@news.cs.brandeis.edu> <41275@cup.portal.com> <1991Apr16.134937.47433@cc.usu.edu> <71506@eerie.acsu.Buffalo.EDU>
Distribution: na
Organization: Utah State University
Lines: 32

In article <71506@eerie.acsu.Buffalo.EDU>, kalisiak@acsu.buffalo.edu (christophe m kalisiak) writes:
> In article <1991Apr16.134937.47433@cc.usu.edu> slsw2@cc.usu.edu writes:
>>In article <41275@cup.portal.com>, Azog-Thoth@cup.portal.com (William Thomas Daugustine) writes:
>>While the machine was booting, executing the startup command file, I pressed
>>^C. That gave me an MCR prompt at which I could type a command. Since the
>>machine was executing the startup command file, the MCR prompt was attached to
>>the system account. In an obscure manual that I no longer have and don't
>>remember very well, I found the name of the password file. The MCR command
>>that I issued, then, typed the password file on the console.
> 
> What was the command? I would say that if one were to delete the 
> password file, then you could probably start from scratch...
> Don't quote me on it.

It was just PIP TO:=filename. Since the file was not encrypted, the passwords
showed up.

BTW, deleting the password file is probably not a good idea. If you do it on
VMS, you just plain can't get in unless you do a conversational bootstrap and
set the startup file to OPA0:...
> 
>>Since P/OS is related to RSX-11M, it might work. Wish I could remember the
>>name of the account file, though...
> 
> [0,0]RSX11.SYS

I dunno; sounds like the system image to me. I'd want to poke about the
documentation for a while before I deleted that one.

Roger Ivie
slsw2@cc.usu.edu