Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site ucf-cs.UUCP Path: utzoo!linus!wivax!decvax!harpo!floyd!vax135!ariel!hou5f!orion!houca!hogpc!houxm!hocda!spanky!burl!duke!goldfarb@ucf-cs.UUCP (Ben Goldfarb Esq.) From: goldfarb@ucf-cs.UUCP Newsgroups: net.unix-wizards Subject: Re: a thought about UNIX login security Message-ID: <977@ucf-cs.UUCP> Date: Thu, 23-Jun-83 00:09:19 EDT Article-I.D.: ucf-cs.977 Posted: Thu Jun 23 00:09:19 1983 Date-Received: Fri, 24-Jun-83 20:21:02 EDT References: <1115@rti.UUCP> Organization: University of Central Florida Lines: 8 If the unpassworded account that Thompson and Morris found (joe) had uid=0 and gid=3, just like root, why did they have to go any further? They became superuser when they logged in as joe. -- Ben Goldfarb uucp: ...!duke!ucf-cs!goldfarb ARPA: goldfarb.ucf-cs@Rand-Relay