home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!gatech!concert!duke!news.duke.edu!ee.egr.duke.edu!jpe
- From: jpe@ee.egr.duke.edu (John P. Eisenmenger)
- Newsgroups: comp.security.misc
- Subject: Re: Passwd traps?
- Message-ID: <jpe.724102017@ee.egr.duke.edu>
- Date: 11 Dec 92 19:26:57 GMT
- References: <1992Dec11.102042.22320@unix.brighton.ac.uk>
- Sender: news@news.duke.edu
- Lines: 29
- Nntp-Posting-Host: ee.egr.duke.edu
-
- ddv@unix.brighton.ac.uk (Domenico De Vitto Hoopy unix frood) writes:
-
- >Well I suppose you'd really want a proggy that runs all the time,
- >checking that only processes of system accounts (ie root) and the actual
- >user logged in on that tty (at that time), has processes with a open fd
- >attatched to the inode that is attatched to a tty. (phew)
-
- Unfortunately the password trap would look correct by this method since both
- it and its tty would be owned by the "trapper". I don't see much of a way to
- prevent this type of thing if it is carried out by someone who covers all the
- angles. For example, someone mentioned a setup at a UCal. site where the
- login program catted the contents of a protected file in the users' home
- directories. This (and practically any other) machine-authentication scheme
- could be attacked by having a program that opens a loopback telnet session
- and simply watches the passing characters. This removes the burden of
- emulating the login program from trap.
-
- -John
-
- --
- *************************************************************************
- * John P. Eisenmenger Phone: (919) 660-5248 *
- * Duke University FAX: (919) 660-5293 *
- * Department of Electrical Engineering Email: jpe@egr.duke.edu (pref) *
- * Box 90291 jpe@cs.duke.edu *
- * Durham, NC 27708-0291 *
- * *
- * Reports of problems w/EE systems should go to problem@egr.duke.edu *
- *************************************************************************
-
