Path: utzoo!mnetor!uunet!husc6!hao!oddjob!gargoyle!ihnp4!occrsh!occrsh.ATT.COM!rjd
From: rjd@occrsh.ATT.COM
Newsgroups: comp.misc
Subject: Re: Trojan Horse a Myth?
Message-ID: <140200002@occrsh.ATT.COM>
Date: 7 Dec 87 16:14:00 GMT
References: <459@gtx.com>
Lines: 28
Nf-ID: #R:gtx.com:-45900:occrsh.ATT.COM:140200002:000:1601
Nf-From: occrsh.ATT.COM!rjd Dec 7 10:14:00 1987

> Sure. If I wanted to get into someone's files to pull a prank, I would
> write a program to give me a shell, put it in an unprotected directory,
> and change ownership to the person whose files I wanted to get into.
>
> Then I would send them mail that had embedded in it commands to enter
> the necessary command to make my program setuid into the memory of their
> HP terminal and then send the entered sequence to Unix. Most of the time
> it wasn't even noticed if it was buried properly. Now all I had to do
> was run the setuid program and I was them.

Yeah, when I was first getting into the security aspects of Unix, I was
friends with an inexperienced administrator of a system that left his
terminal with programmable and pollable function keys writable. Just check
to see if a "who -u" shows him idle for a few minutes, send the escape
sequences to program the keys, then poll them, and voila!!

Once he caught on to that (as I said, he was a friend, and I was telling
him most of what I did), I switched over to the mailing of the escape
sequences. After that, I told him all the techniques that I had used and
the defense (and also told him where ALL of the be-root programs were).
I still got blamed for stuff that was not my fault, but them's the breaks.

Moral: Either don't do it or be VERY careful because anything that goes
wrong will be blamed on you.

Also: Always forward root's mail to a user and then still read it through
a filter such as "cat -v", and never have root's terminal writable.

These escape sequence methods work between machines via uucp also.

Randy
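
The two defenses named at the end of the post (reading mail through "cat -v" and keeping the terminal unwritable), as an added example that is not part of the original post. The function names and the sample message are constructed for illustration; the sample carries only a harmless bold-text sequence.

```shell
#!/bin/sh
# Added example (not from the post): defensive checks for mail and tty.

# make_sample_mail FILE: write a constructed message whose body contains
# a raw ESC (0x1b) byte inside a harmless bold on/off sequence.
make_sample_mail() {
    printf 'From: someone\nSubject: hello\n\nplain line\nodd \033[1mline\033[0m here\n' > "$1"
}

# show_mail_safely FILE: print the message with control bytes rendered
# visibly (ESC becomes ^[), so the terminal never interprets them.
show_mail_safely() {
    cat -v -- "$1"
}

# count_escape_lines FILE: print how many lines carry a raw ESC byte.
count_escape_lines() {
    esc=$(printf '\033')
    # grep -c exits non-zero on a count of 0; the count is still printed.
    grep -c -e "$esc" -- "$1" || true
}

# tty_is_writable_by_others PATH: succeed when group or other has write
# permission on PATH, which is the state "mesg y" leaves a terminal in.
tty_is_writable_by_others() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # group-write or other-write
        *) return 1 ;;
    esac
}

# Demonstration on the constructed message and, if present, this terminal.
sample=$(mktemp)
make_sample_mail "$sample"
echo "lines containing ESC: $(count_escape_lines "$sample")"
show_mail_safely "$sample"
if [ -t 0 ] && tty_is_writable_by_others "$(tty)"; then
    echo "this terminal is writable by others; run: mesg n"
fi
rm -f "$sample"
```
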