[TUHS] Recovered /etc/passwd files

Dave Horsfall dave at horsfall.org
Wed Oct 9 07:02:42 AEST 2019


On Tue, 8 Oct 2019, Arthur Krewat wrote:

> Slightly off-topic, but still UUCP related. If a SunOS box NFS exported 
> /, and I could mount /, even without root NFS access, using the uucp 
> user, I could overwrite uucico because it was owned by uucp. The entry 
> in inetd.conf would automatically run uucico as root. Telnet to the box 
> on that port, and it would happily run whatever I put in the uucico 
> file.
>
> Bad joo-joo.

*Cough cough* I remember that *cough cough*...

Unix systems in those days were broken in subtle ways; we once broke into 
a Gould (marketed as the most secure box on the planet[*]) by 
social-engineering a marketoid (we tricked him into running a custom "ls" 
or something).  "Thank you Sir, and we've just broken into your Gould; 
there's the root prompt".

[*]
They never did pay us our bounty, because we "cheated" :-)

-- Dave


More information about the TUHS mailing list