Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uflorida!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.unix.wizards
Subject: Re: Crackers and Worms
Message-ID: <8926@smoke.BRL.MIL>
Date: 18 Nov 88 04:19:27 GMT
References: <1308@zippy.eecs.umich.edu>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 12

In article <1308@zippy.eecs.umich.edu> cja@crim.eecs.umich.edu (Charles J. Antonelli) writes:
>consider the statement contradicted.  daemon is just another non-root uid.

Not quite right.  Several "system" UIDs/GIDs can be exploited to cause
a variety of unanticipated actions, some of which can eventually yield
superuser access rights.  The cron system is an obvious candidate for
this since at some point a superuser-privileged process handles the
files.

Even a system administrator or programmer's account may be enough to
sneak a Trojan horse into a system, which can if it wishes wait until
invoked by UID 0 to do further mischief.