Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cuae2!ihnp4!houxm!ho95e!wcs
From: wcs@ho95e.UUCP (#Bill.Stewart)
Newsgroups: net.unix,net.unix-wizards
Subject: Re: Slaying Gould dragon with a wooden horse
Message-ID: <1056@ho95e.UUCP>
Date: Wed, 29-Oct-86 17:57:10 EST
Article-I.D.: ho95e.1056
Posted: Wed Oct 29 17:57:10 1986
Date-Received: Thu, 30-Oct-86 06:35:42 EST
References: <161@unisec.UUCP> <694@ulowell.UUCP>
Reply-To: wcs@ho95e.UUCP (Bill Stewart 1-201-949-0705 ihnp4!ho95c!wcs HO 2G202)
Organization: AT&T Bell Labs, Holmdel NJ
Lines: 23
Keywords: secure unix trojan horse gould
Xref: watmath net.unix:9769 net.unix-wizards:20194

In article <694@ulowell.UUCP> page@ulowell.UUCP (Bob Page) writes:
>dpw@unisec.UUCP (Darryl Wagoner) wrote in article <161@unisec.UUCP>:
>> ... Is using a trojan horse a legit way to break into a system?
>
>Any method that does the job can be considered effective. Who cares
>about being legitimate? Would you pooh-pooh a system cracker that
>just destroyed your passwd file because she didn't use a 'legitimate'
>method?

What Darryl did was perfectly legit. An alternative way to do it would be
to send mail to root saying "My %s doesn't work when I'm in my home
directory; can you take a look at it, and see if I goofed on something?"
Obviously this has some limitations in a "break my trade-show system"
environment, but it's the equivalent you'd use in real life. Some
alternatives are "I got a new version of rogue! want to try it?" if you
have a dumb system administrator.

An equally legitimate approach, useful at tradeshows, is to see what kind
of terminal the administrator has. Most CRTs have a block-transfer mode
that can be exploited by a letter-bomb. Even if they get rid of setuid and
give root a useful path, they probably didn't bomb-proof mail.
-- 
# Bill Stewart, AT&T Bell Labs 2G-202, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs
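The "letter-bomb" Bill describes works because a mail reader writes the message body straight to the terminal, and a terminal with a block-transfer (or answerback) feature can be told, by control sequences embedded in that body, to send stored or on-screen text back to the host as if the administrator had typed it. "Bomb-proofing mail" therefore means stripping terminal control sequences before the body is displayed. The following is an added example, not code from the original post or from any system it mentions: a filter that recognizes the ECMA-48 sequence shapes (CSI, OSC, DCS/SOS/PM/APC, other ESC-prefixed escapes) and bare C0/C1 control characters, removes them, and reports what it removed. The two sample messages are constructed fixtures, and the assumption that the target terminal honours these particular sequences (including the VT100-style ENQ answerback) is mine, not the post's.

```python
import re

# Constructed sample messages (not taken from the original post).
BENIGN = (
    "Hi root,\n"
    "My editor doesn't work in my home directory; can you take a look?\n"
)
BOMB = (
    "Thanks for the help!\n"
    "\x1b[2J"                     # CSI: clear screen, hides what follows
    "\x1b]0;harmless title\x07"   # OSC: set window title, BEL-terminated
    "\x1bPq...\x1b\\"             # DCS: device control string, ST-terminated
    "\x05"                        # ENQ: asks a VT100-class terminal for its answerback string
    "rm -rf ~\n"                  # text the terminal must never send back as input
)

# ECMA-48 sequence shapes, longest-specific first so the fallback only
# catches escapes the earlier branches did not.
CONTROL_SEQ = re.compile(
    r"\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]"   # 7-bit CSI: ESC [ params intermediates final
    r"|\x9b[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]"   # 8-bit CSI (C1 0x9b) with the same grammar
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"          # OSC, terminated by BEL or ST (ESC \)
    r"|\x1b[PX^_][^\x1b]*\x1b\\"                   # DCS / SOS / PM / APC, ST-terminated
    r"|\x1b[\x20-\x2f]*[\x30-\x7e]"                # any other ESC + intermediates + final
)

# C0 controls that legitimately appear in a text message body.
C0_KEEP = {"\t", "\n"}


def classify(seq):
    """Name the family of a matched sequence, for the report."""
    if seq.startswith(("\x1b[", "\x9b")):
        return "CSI"
    if seq.startswith("\x1b]"):
        return "OSC"
    if seq.startswith(("\x1bP", "\x1bX", "\x1b^", "\x1b_")):
        return "DCS/SOS/PM/APC"
    if seq.startswith("\x1b"):
        return "ESC"
    return "C0/C1 control"


def sanitize(text):
    """Return (clean_text, findings).

    findings is a list of (family, raw_sequence) in the order encountered.
    Multi-byte escape sequences are removed first; then any remaining C0
    control (other than tab/newline), DEL, or C1 byte is removed one
    character at a time, so a lone trailing ESC is also caught.
    """
    findings = []

    def drop(match):
        findings.append((classify(match.group(0)), match.group(0)))
        return ""

    without_escapes = CONTROL_SEQ.sub(drop, text)
    kept = []
    for ch in without_escapes:
        code = ord(ch)
        if (code < 0x20 and ch not in C0_KEEP) or code == 0x7f or 0x80 <= code <= 0x9f:
            findings.append(("C0/C1 control", ch))
        else:
            kept.append(ch)
    return "".join(kept), findings


def is_letter_bomb(text):
    """True if displaying text unfiltered would hand control sequences to the terminal."""
    return bool(sanitize(text)[1])


if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("bomb", BOMB)):
        clean, findings = sanitize(body)
        print(f"{name}: letter-bomb={is_letter_bomb(body)}")
        for family, raw in findings:
            print(f"  removed {family}: {raw!r}")
        print("  display as:", repr(clean))
```

The filter is a display-side defence: run it in the mail reader (or in a wrapper around it) before any byte reaches the terminal, because once the sequence is written the terminal, not the host, decides what to send back. It deliberately does not try to understand what each sequence means; on an untrusted body every control sequence is dropped and logged.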