Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!umd5!mimsy!aplcen!osiris!mjr From: mjr@osiris.UUCP (Marcus J. Ranum) Newsgroups: comp.misc Subject: Re: Trojan Horse a Myth? Message-ID: <1479@osiris.UUCP> Date: 12 Dec 87 17:15:44 GMT References: <459@gtx.com> <405@tardis.cc.umich.edu> <8192@ism780c.UUCP> Organization: Institute For Felinographical Studies Lines: 25 Summary: VMS older version. The older versions of VAX/VMS4.XX had a serious bug in the access control lists. Initially it defaulted to no ACL would allow anyone to create one. It was then easy to put an ACL on the system logical name table with the user's name having write permission. The unscrupulous user could have then set SYSDEVICES SYSLOGIN to use something other than the "default" system LOGIN.COM, which could do just about anything. We never did that, however we notified our system admin, and when they didn't believe us, deassigned the whole table. The trick of making one's own SYSLOGIN.COM would, I suppose, be a sort of trojan horse. Another VAX virus I heard about was a friend of mine who had a system that would not boot normally no matter what. A disgruntled former employee had written a program that was spawned really quietly at boot time and would romp through the process table killing everything except itself as fast as it could. It wasn't hard to fix - (boot off of a spare pack) but it was a bit hard to initially diagnose, I gather. --mjr(); -- Once, there was NO fun... This was before MENU planning, FASHION statements or NAUTILUS equipment... Then, in 1985.. FUN was completely encoded in this tiny MICROCHIP... It contains 14,768 vaguely amusing SIT-COM pilots!!