Path: utzoo!mnetor!uunet!husc6!think!bloom-beacon!athena.mit.edu!jfc From: jfc@athena.mit.edu (John F Carr) Newsgroups: sci.crypt Subject: Re: Unix Password Hacker Message-ID: <3740@bloom-beacon.MIT.EDU> Date: 14 Mar 88 03:32:46 GMT References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM> <1988Mar2.235819.18983@utzoo.uucp> <8469@eddie.MIT.EDU> Sender: daemon@bloom-beacon.MIT.EDU Reply-To: jfc@athena.mit.edu (John F Carr) Organization: Massachusetts Institute of Technology Lines: 48 In article <8469@eddie.MIT.EDU> jbs@fenchurch.MIT.EDU (Jeff Siegal) writes: >Reasonably secure systems rely on layers of difficult-to-bypass >barriers (e.g. fence, man-eating-dogs, armed guards, locks on building >doors, building alarm system, video cameras, motion detectors, locks >on computer room door(s), etc.) rather than one "impenetrable" maginot >line. I second this. I had a summer job programming computers. I have described earlier how the computer operator left her passsword written in the log, to which I had access (when she wasn't at her console). With this password I theoretically had total access to the system and all its files (note that this was not a UNIX system, on which root can instantly read all files, but another operating system). I could read and modify real memory. So, from one point of view I had broken the system. By the reasoning of some of the articles on this subject, there should have been no more security since it was now possible to do anything I wanted with the computer. However, my employer was paranoid (but we all know that even paranoids have real enemies...). The password I had was not the one which would satisfy the security program to allow me to access any user's files. To get at files for which I had no permission, I would have had to patch the operating system to bypass the security checks. While this was possible, since I had the permissions to put my own programs into the operating system, it would have been far from easy or quick. I didn't try this, not having any desire to read others' files, and so the multi-level security worked. The only person who could have easily proceeded past where I got is an assembly language programmer (which I am) with a very good knowledge of the details of the operating system and related programs (which I did not have). If I had had malicious intent (say, I got fired but was able to dial in from outside to get revenge) I could have casued trouble by shutting down or randomly rebooting the machine, but no more. The cause of this would have been obvious from the account logs, and the password would have been quickly changed. No single layer of security is "impenetrable". Multiple layers may come close. John Carr "No one wants to make a terrible choice jfc@Athena.MIT.EDU On the price of being free" --Neil Peart