Adecvax.168
net.unix-wizards,net.general
utcsrgv!utzoo!decvax!aps
Thu Mar 4 19:14:56 1982
Security at UCB, UNIX

I hate to be the one to put this onto the net because I don't want to take credit for finding the info out but Shannon had to pick up Pizza with his wife and he (Bill, that is) is the person who told me. (He found out from ..., well a reliable source. Source, I didn't know if you wanted to be known.)

Some students discovered this feature in a terminal and went to Dr. Lynn to see if they could try this out.

What if there was this guy logged in as root on this HP terminal and there were these other people also logged in elsewhere who knew that this guy Root was logged in on this HP terminal. Well this Root guy's terminal would be writable. (Root has mesg y so he can get important requests via write and the like.) Well, these other people would just send to Root's terminal the proper escape sequence to enable the terminal to loop back all things it receives.

So, behold. They could then send "commands" to Root's terminal and the terminal would loop it back to (where else but) the system. The system would execute these commands just as if they were coming from Root's terminal and they really would!

And, that's it; a way to execute superuser commands without being super user (A.K.A. A whole.) (This is the big break in security that Donn Parker was waiting for? I have read a few of his articles and a book. He's ok.)

Not too much to worry about, unless you let your root lay around on HP (or other with loop back "features") terminals!

All I can say is that I am happier than a pig in X$&% that the problem was not with the VAX!

Armando Stettner
DEC UNIX Engineering Group.

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/

This Usenet Oldnews Archive article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.
2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.