Finding Passwords
Curtis Yarvin
cgy at cs.brown.edu
Sun Oct 7 03:03:49 AEST 1990
In article <21948:Oct606:29:2890 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <651 at puck.mrcu> paj at uk.co.gec-mrc (Paul Johnson) writes:
>> A plain trojan could not make the correct response:
>> all it could collect would be the user's challenge.
>
>That's a spoof. Read the paragraph quoted above that you're responding
>to: I'm not talking about a spoof.
>
>---Dan
Forgive me if I am ignorant. But the problem here seems to be that a
trojan is possible at all. In order to be a true trojan (not a spoof),
a program must call setreuid(2). Thus its euid must be root. A trojan can
do this by execing /bin/login, because login is setuid. But why should
login be setuid? Seems to me it only really needs to be executed by
getty, which runs as root anyway. Flame me if I am completely confused.
-Curtis
"I tried living in the real world
Instead of a shell
But I was bored before I even began." - The Smiths
More information about the Comp.unix.internals
mailing list