- Newsgroups: alt.hackers
- Path: sparky!uunet!usc!rpi!think.com!spdcc!das-news.harvard.edu!cantaloupe.srv.cs.cmu.edu!bsy
- From: bsy+@cs.cmu.edu (Bennet Yee)
- Subject: Re: Debugging program on mailing machine
- Message-ID: <1992Jul27.174217.20232@cs.cmu.edu>
- Date: Mon, 27 Jul 92 17:42:17 GMT
- Organization: Cranberry Melon, School of Cucumber Science
- Nntp-Posting-Host: play.trust.cs.cmu.edu
- Approved: bsy at play
- References: <1992Jul25.012355.11106@ctr.columbia.edu> <6NQHY31@taronga.com> <5126@vtserf.cc.vt.edu>
- Lines: 33
-
- In article <5126@vtserf.cc.vt.edu> valdis@vttcf.cc.vt.edu (Valdis Kletnieks) writes:
- >In article <6NQHY31@taronga.com> peter@taronga.com (Peter da Silva) writes:
- >>Wow. You're showing anyone who can read the mail spool on half a dozen systems
- >>how to execute any arbitrary program on your account, with your password in
- >>plaintext no less!
- >>
- >>Shouldn't this be in alt.hackers.malicious? :->
- >
- >Peter: No.
- >
- >This belongs in alt.hackers.shot.self.in.foot ;)
-
- If yunz actually skimmed through the code, you'd see that he sends the
- password thru the socket, not in the email. The email only triggers a
- subproc that listens for incoming connections and does password
- authentication prior to spawning anything else. Thus, if you can
- listen to IP traffic, you can get the password, but telnet is
- vulnerable to that too. Of course, there are other cryptographic
- techniques that could be used to eliminate (secret) information leaked
- in the message exchange (zero knowledge protocols).
-
- Anyhow, the author isn't _that_ clueless. Alas, the author also
- ``flames'' about procs that just sit around forwarding traffic and
- actually compliments DOS. Apparently he's never heard of
- sendmsg(2)/recvmsg(2) nor figured out how talk(1ucb) works.
-
- Sigh.
-
- -bsy
-
- --
- Bennet S. Yee Phone: +1 412 268-7571 Email: bsy+@cs.cmu.edu
- School of Computer Science, Carnegie Mellon, Pittsburgh, PA 15213-3890
-
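Added example, not part of the original post or of the program it discusses: a login over a socket in which the password never crosses the wire, using a nonce and an HMAC response. This is plain challenge-response, a simpler technique than the zero-knowledge protocols the post mentions, and a weak password can still be guessed offline from a captured nonce/response pair. The function names, salt and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
import socket

SALT = b"constructed-salt"   # constructed sample value, agreed out of band
ITERATIONS = 100_000

def derive_key(password: str) -> bytes:
    """Both ends derive the same MAC key from the shared password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def server_challenge(sock: socket.socket) -> bytes:
    """Listener side: send a fresh random nonce so old responses cannot be replayed."""
    nonce = os.urandom(32)
    sock.sendall(nonce)
    return nonce

def client_respond(sock: socket.socket, password: str) -> bytes:
    """Connecting side: answer with HMAC(key, nonce) instead of the password."""
    nonce = recv_exact(sock, 32)
    tag = hmac.new(derive_key(password), nonce, hashlib.sha256).digest()
    sock.sendall(tag)
    return nonce + tag       # everything a passive sniffer would capture

def server_verify(sock: socket.socket, nonce: bytes, password: str) -> bool:
    """Listener side: recompute the tag and compare in constant time."""
    tag = recv_exact(sock, 32)
    expected = hmac.new(derive_key(password), nonce, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def run_exchange(server_password: str, client_password: str):
    """Run one login over a local socket pair; return (authenticated, wire_bytes)."""
    srv, cli = socket.socketpair()
    try:
        nonce = server_challenge(srv)
        wire = client_respond(cli, client_password)
        return server_verify(srv, nonce, server_password), wire
    finally:
        srv.close()
        cli.close()
```

Only after `server_verify` returns true would the listener go on to spawn anything, which matches the ordering the post describes.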