From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id d79112bf for ; Tue, 8 Oct 2019 18:51:52 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 55C939BC29; Wed, 9 Oct 2019 04:51:51 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 57EF39B9B4; Wed, 9 Oct 2019 04:51:37 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (1024-bit key; unprotected) header.d=kilonet.net header.i=@kilonet.net header.b="I8s69mRr"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 363099B9B4; Wed, 9 Oct 2019 04:51:35 +1000 (AEST) Received: from p3plsmtpa09-07.prod.phx3.secureserver.net (p3plsmtpa09-07.prod.phx3.secureserver.net [173.201.193.236]) by minnie.tuhs.org (Postfix) with ESMTPS id ACDC89B9AF for ; Wed, 9 Oct 2019 04:51:34 +1000 (AEST) Received: from medusa.kilonet.net ([72.69.223.115]) by :SMTPAUTH: with ESMTPA id Hua5irWRewe3WHua5i9FoT; Tue, 08 Oct 2019 11:51:34 -0700 Received: from [199.89.231.101] (ender.kilonet.net [199.89.231.101]) by medusa.kilonet.net (8.14.8/8.15.1) with ESMTP id x98IpXU9009421 for ; Tue, 8 Oct 2019 14:51:33 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kilonet.net; s=default; t=1570560693; bh=G3Xj5w1Qxls0KwYWB629K73VI8XAuhAnXD4dnysUfR0=; h=Subject:To:References:From:Date:In-Reply-To; b=I8s69mRrB3L1geaDne7XPg2m+CKn+tT/dDg3XSXXnlEoUcSJbJ1o0kMTFjwT9Svjx 0EfiEXTPxl2gSsL3vntnZV2LX04aAwHIxZx9rO6M1DwBcvedFNpn7n8MWTTFxRxtMT K8uwoNCF5qsNyO3J3zg3MQzkwVVXHmuVrxOqKlPo= To: tuhs@minnie.tuhs.org References: <1570559927.29337.for-standards-violators@oclsc.org> From: Arthur Krewat Message-ID: <2e6e1005-3bbf-5dcc-3fcc-099864c752dc@kilonet.net> Date: Tue, 8 Oct 2019 14:51:28 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <1570559927.29337.for-standards-violators@oclsc.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-CMAE-Envelope: MS4wfP2NDNgbsOTZuWs0GDZwTIejrEMsw/z9FpAQRpyvFk6JbLQZM/+XUFrj8qHZYyFKwFU8Z2/LeDu2fNkJYQ9NY6/wh5MxBkKey4T5vQc+T3uwWcebx2TP KnA8piAA5rvYsPYMiSo3jMR9tt3TYLgmRkUTYg8F5KG57sbCNCyxqujTR5LTSRSIgVhFn6gqgRcgHQ== Subject: Re: [TUHS] Recovered /etc/passwd files X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" Slightly off-topic, but still UUCP related. If a SunOS box NFS exported /, and I could mount /, even without root NFS access, using the uucp user, I could overwrite uucico because it was owned by uucp. The entry in inetd.conf would automatically run uucico as root. Telnet to the box on that port, and it would happily run whatever I put in the uucico file. Bad joo-joo. On 10/8/2019 2:38 PM, Norman Wilson wrote: > Back in the heyday of uucp, some sites were lazy and allowed > uucico access to any file in the file system (that was accessible > to the uucp user). A common ploy for white hats and black hats > was to try > uucp remotesys!/etc/passwd ~/remotesys > or the like, and see what came in and whether it had any easy > hashes (shadow password files didn't quite exist yet). > > The system known to the uucp world as research! was more > careful: / was mapped to /usr/spool/uucp. We left a phony > etc/passwd file there, containing plausible-looking entries > with hashes that, if cracked, spelled out > > why > are > you > wasting > your > time > > I don't remember whether anyone ever stole it by uucp, though > I think Bill Cheswick used it to set up the phony system > environment for Berferd to play in (Google for `cheswick berferd' > if you don't know the story). > > Norman Wilson > Toronto ON >