ExcessBLarg!
Sep 1, 2001
There's a bunch of reasons why the student may have legitimately had root access to the machine. It's also possible he simply had physical access to the machine too, at which point root access is just effort.

Soricidus
Oct 21, 2010
freedom-hating statist shill

Volte posted:

Given root access to a machine it's a pretty well-known way to poison it.

It's a well-known idea, entirely due to Ken Thompson's paper. It's also a hell of a lot of effort for no great benefit. Which is why it's reasonable to be sceptical that it has actually been done.

Space Kablooey
May 6, 2009


I also doubt the story as it is, because Komputer Klub Kid apparently put in way too much effort just to make sure racist messages appeared, not to mention that the dude apparently wasn't charging for his maintenance work after a certain point.

However, it's entirely plausible that there's a university that has a poo poo IT department that gives out root access to everyone that asks nicely.

Still, the story scared me more than actual ghost stories.

Dylan16807
May 12, 2010

HardDisk posted:

I also doubt the story as it is, because Komputer Klub Kid apparently put in way too much effort just to make sure racist messages appeared, not to mention that the dude apparently wasn't charging for his maintenance work after a certain point.

However, it's entirely plausible that there's a university that has a poo poo IT department that gives out root access to everyone that asks nicely.

Still, the story scared me more than actual ghost stories.

And to put in a remote access backdoor. It's possible he was putting in the effort after being inspired by Trusting Trust and then put in the racist messages as a secondary thing.

Soricidus
Oct 21, 2010
freedom-hating statist shill
It's still pointless as an endpoint thing. If you want a backdoor, just modify login or whatever. There's no point modifying the compiler on a single computer unless it's the build server that produces os updates, unless we're talking some os that delivers updates only in source form, which seems kinda unlikely even in the 1980s?

feedmegin
Jul 30, 2008

Soricidus posted:

It's still pointless as an endpoint thing. If you want a backdoor, just modify login or whatever. There's no point modifying the compiler on a single computer unless it's the build server that produces os updates, unless we're talking some os that delivers updates only in source form, which seems kinda unlikely even in the 1980s?

For daemons/system software, in the early 80s, on Unix? Absolutely.

Even now, for that matter - before apt-get and friends, the way to install <package> on a random Unix was to download the source tarball and compile and install it, because there were so many Unices on so many random hardware platforms that doing binary releases of everything was too hard and so you'd download a source tarball and configure script. If you /are/ running something non-mainstream then if you want the latest version of <foo> that's how you have to do it today, too. This is why Unix since the very early days has shipped with at least a K&R C compiler as part of the standard install.

Internet Janitor
May 17, 2008

"That isn't the appropriate trash receptacle."
On OSX, the Macports package manager builds many packages from source by default. Compromising the system C compiler would be a fairly effective attack vector if you specifically wanted to pwn programmers.

xzzy
Mar 5, 2009

brew is better anyways. :colbert:

But not much safer, because it can compile whatever the heck it's told to.

Internet Janitor
May 17, 2008

"That isn't the appropriate trash receptacle."
I've never trusted brew. The idea of a package manager developed by ruby programmers gives me the willies, it is fond of blowing away .profile without warning and I was quite put off by how much time the brew site devotes to bashing macports instead of describing its own actual benefits. As far as I'm concerned the only issue with ports is it generally takes a long time to update packages.

xzzy
Mar 5, 2009

The main reason I like brew is it installs the fewest packages necessary to get to the end state.

Last time I tried macports it had a fetish with rebuilding dependencies just because they were dependencies, ignoring whether the base OS provided them or not.

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
Homebrew does the same thing of generally not using the OS provided versions of libraries, because the OS versions are ten years old.

sarehu
Apr 20, 2007

(call/cc call/cc)
I stopped using brew because El Capitan gave it a good gently caress you with /usr/local being root, which I always thought was screwy about it.

Cancelbot
Nov 22, 2006

Canceling spam since 1928

Does my first ever coding assignment count? (13 years ago)

http://pastebin.com/amByRM46

Turbo Pascal with "high precision time :v:" feature;

code:
var
  time:real;   { a clock time of the form hours.minutes, stored as a floating-point number }

...

  repeat
    writeln('Please enter the current time (in this format: hours.minutes)');
    readln(time);
    { the two range checks disagree: 23.60..23.99 print the error yet still pass the
      exit test below, 12.99 is accepted as a time, and exactly 0.01 prints nothing
      but never satisfies "time > 0.01", so the prompt just repeats }
    if(time > 23.59) or (time < 0.01)
    then
    begin
      writeln('Error in time entry');
    end;
  until(time < 24) and (time > 0.01);

ExcessBLarg!
Sep 1, 2001

Soricidus posted:

There's no point modifying the compiler on a single computer unless it's the build server that produces os updates,
It's not about modifying the compiler, it's about modifying the "package manager". In the Unix 80s, the compiler was effectively the package manager.

These days on a modern Linux system you'd attack rpm or dpkg. You can take a rpm or deb file, confirm the signature on it, even manually compare it with a known-good hash, or whatever, and as soon as you use the package manager to install it your binaries get backdoored. Of course, you have to make sure to backdoor any updates to rpm or dpkg themselves.
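
A toy version of the Thompson attack the thread keeps coming back to, added here as an illustration; it is not code from any post above. The "compiler" is a Python function that turns source text into a namespace, which matches the point ExcessBLarg! makes about the compiler being the 80s package manager: whoever owns the step that turns trusted input into installed code owns everything built through it. The login and compiler sources, the marker strings the trojan looks for and the backdoor password "kt1984" are all constructed for this example.

```python
# Toy model of the "Trusting Trust" compiler backdoor. Added example; all
# program names, marker strings and the backdoor password are constructed.

# Constructed source for a login program. Read as source, it is clean.
LOGIN_SRC = '''
PASSWORDS = {"root": "correct horse battery staple"}

def login(user, password):
    return PASSWORDS.get(user) == password
'''

# Constructed source for a clean compiler: it just runs the source text and
# hands back the resulting namespace. Read as source, it is clean too.
COMPILER_SRC = '''
def compile_program(source):
    ns = {}
    exec(source, ns)
    return ns
'''

# The trojan exists only inside the compiled compiler. It is a quine template:
# the single %r is filled with the template's own text, so an infected compiler
# can emit a complete copy of itself. No other '%' may appear in the template.
_TEMPLATE = '''
_TEMPLATE = %r
TROJAN_SRC = _TEMPLATE %% _TEMPLATE

def _rewrite(source):
    # Stage 1: when the login program is compiled, accept a second password.
    if "def login(user, password):" in source:
        source = source.replace(
            "    return PASSWORDS.get(user) == password",
            '    return password == "kt1984" or PASSWORDS.get(user) == password')
    # Stage 2: when the compiler is compiled, splice this whole trojan back in
    # and hook its compile step, so a rebuild from clean source changes nothing.
    if "def compile_program(source):" in source:
        source = TROJAN_SRC + source.replace(
            "exec(source, ns)", "exec(_rewrite(source), ns)")
    return source
'''
TROJAN_SRC = _TEMPLATE % _TEMPLATE


def build_trojan_compiler():
    """The attacker's one-off build: compile the clean compiler source through
    the trojan. Only the resulting 'binary' (a function) is ever distributed."""
    ns = {}
    exec(TROJAN_SRC, ns)
    exec(ns["_rewrite"](COMPILER_SRC), ns)
    return ns["compile_program"]


def build_clean_compiler():
    """A compiler that never came near the trojan, for comparison."""
    ns = {}
    exec(COMPILER_SRC, ns)
    return ns["compile_program"]


def demo():
    trojan_cc = build_trojan_compiler()
    login1 = trojan_cc(LOGIN_SRC)["login"]

    # A suspicious admin audits COMPILER_SRC, finds nothing, rebuilds the
    # compiler from it with the only compiler on the box, then rebuilds login.
    rebuilt = trojan_cc(COMPILER_SRC)
    login2 = rebuilt["compile_program"](LOGIN_SRC)["login"]

    login_clean = build_clean_compiler()(LOGIN_SRC)["login"]

    return {
        "gen1_backdoor": login1("root", "kt1984"),
        "gen2_backdoor": login2("root", "kt1984"),
        "gen2_legit": login2("root", "correct horse battery staple"),
        "gen2_wrong": login2("root", "nope"),
        "clean_backdoor": login_clean("root", "kt1984"),
        "sources_clean": "kt1984" not in LOGIN_SRC and "_rewrite" not in COMPILER_SRC,
        "trojan_reproduced_exactly": rebuilt["TROJAN_SRC"] == TROJAN_SRC,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

demo() shows the property the paper relies on: the login built by the rebuilt compiler still accepts "kt1984", neither source file contains a trace of it, and the rebuilt compiler carries a byte-identical copy of the trojan. Nothing short of a compiler that never passed through the infected one (or comparing the output against an independently built compiler) gets you out.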

Soricidus
Oct 21, 2010
freedom-hating statist shill

ExcessBLarg! posted:

It's not about modifying the compiler, it's about modifying the "package manager". In the Unix 80s, the compiler was effectively the package manager.

These days on a modern Linux system you'd attack rpm or dpkg. You can take a rpm or deb file, confirm the signature on it, even manually compare it with a known-good hash, or whatever, and as soon as you use the package manager to install it your binaries get backdoored. Of course, you have to make sure to backdoor any updates to rpm or dpkg themselves.
Or ... you could just modify a config file to make it use a repository you control?

I'm not saying this kind of attack isn't feasible. I'm just saying that in general, if you have the level of access necessary to pull it off, there is probably going to be a less convoluted way to achieve your goals.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

Soricidus posted:

Or ... you could just modify a config file to make it use a repository you control?

Yeah, that'll totally stop the binary from adding its own extra flavor to whatever it downloads.

Soricidus
Oct 21, 2010
freedom-hating statist shill

Dessert Rose posted:

Yeah, that'll totally stop the binary from adding its own extra flavor to whatever it downloads.

You misunderstand me. I'm saying that's what the attacker does. Instead of modifying the binary.

senrath
Nov 4, 2009

Look Professor, a destruct switch!


While I'm also skeptical that this ever actually happened (mostly due to the refusal to be paid bit), saying that there are more practical ways to pull off the attack does ignore that not everyone thinks past the first idea they come up with. In my experience people, especially people who are convinced of their own cleverness, will very often come up with an idea that should work, then ignore anything else that might come up later.

Zopotantor
Feb 24, 2013

...und ist er drin dann lassen wir ihn niemals wieder raus...

Soricidus posted:

There's no point modifying the compiler on a single computer unless it's the build server that produces os updates, unless we're talking some os that delivers updates only in source form, which seems kinda unlikely even in the 1980s?

Tip: If you can get your hands on Thomas J. Ryan's The Adolescence of P-1, do so. It's long out of print, the premise is ridiculous, but it's a neat read. It also has the greatest (IMHO) last line in literary history.

Wikipedia. Warning: Spoilers the whole thing, including the final gag.

TheresaJayne
Jul 1, 2011

HardDisk posted:

I also doubt the story as it is, because Komputer Klub Kid apparently put in way too much effort just to make sure racist messages appeared, not to mention that the dude apparently wasn't charging for his maintenance work after a certain point.

However, it's entirely plausible that there's a university that has a poo poo IT department that gives out root access to everyone that asks nicely.

Still, the story scared me more than actual ghost stories.

When I was at college the admin, Pete, knew what he was doing, but then he was about to leave and the new admin, Colin, was a BBC-B network person and knew nothing about Unix, so Pete came to the group of us who were always hacking the system and gave us the root password so we could stop the 1st years crashing the system. It never went down during that year. Once we left, the now second years were crashing it hourly.
My modified su program wasn't found until 6 months into the next year: if you typed su <CR> then ^Y <CR> it would log you in as root with no logging :)

feedmegin
Jul 30, 2008

Soricidus posted:

Or ... you could just modify a config file to make it use a repository you control?

I'm not saying this kind of attack isn't feasible. I'm just saying that in general, if you have the level of access necessary to pull it off, there is probably going to be a less convoluted way to achieve your goals.

The goal is to silently re-infect the machine even after the sysadmin has detected and removed the exploit. An altered config file is easy to detect, an altered version of rpm rather less so. This is why if your system does get hacked, it's safest to do a complete wipe and re-install even if you think you've cleaned it up. (and even that won't help if your EFI firmware gets hacked, which has been done at least as proof of concept)
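
A minimal version of the check implied above (that a replaced dpkg or rpm is only detectable against something to compare with), added here as an example rather than code from the thread. The manifest format (sha256sum-style "digest  path" lines) and the three-file "system" are constructed; the example swaps the package manager for a wrapper that keeps the original under a hidden name, then shows what a baseline comparison reports. The caveat from the posts above applies in full: this only means anything when the verifier, the interpreter it runs on and the baseline all come from outside the suspect machine (rescue media, the distribution's signed metadata), since a trojaned host can lie to any tool run on it, which is why the wipe-and-reinstall advice stands.

```python
# Baseline integrity check for an installed tree. Added example; the manifest
# format and the sample files are constructed, nothing here touches dpkg/rpm.
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """SHA-256 of a file, streamed so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <relative path>') into a
    {relative_path: digest} dict; blank lines and '#' comments are skipped."""
    baseline = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        baseline[rel.strip()] = digest.lower()
    return baseline


def verify_tree(root, baseline):
    """Compare the files under root with the baseline. Returns sorted lists of
    files whose digest differs, files the baseline expects but are gone, and
    files present that the baseline never listed (where a dropped-in helper
    binary or a renamed original shows up)."""
    result = {"modified": [], "missing": [], "unexpected": []}
    for rel, digest in baseline.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            result["missing"].append(rel)
        elif sha256_file(path) != digest:
            result["modified"].append(rel)
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if rel not in baseline:
                result["unexpected"].append(rel)
    for key in result:
        result[key].sort()
    return result


def demo():
    """Constructed scenario: baseline a known-good tree, then replace 'dpkg'
    with a wrapper that runs the real one from a hidden location."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "usr/bin/dpkg": b"#!/bin/sh\necho real dpkg\n",
            "usr/bin/login": b"#!/bin/sh\necho real login\n",
            "etc/apt/sources.list": b"deb https://deb.example.org stable main\n",
        }
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        # Baseline taken while the tree is known good. In practice it must come
        # from outside the suspect host (signed distribution metadata, install
        # media), never from the host's own package database.
        manifest = "\n".join(
            f"{sha256_file(os.path.join(root, rel))}  {rel}" for rel in files)
        baseline = parse_manifest(manifest)

        # The tampering described in the thread: the package manager becomes a
        # wrapper that calls the original and then does whatever it likes.
        os.replace(os.path.join(root, "usr/bin/dpkg"),
                   os.path.join(root, "usr/bin/.dpkg.real"))
        with open(os.path.join(root, "usr/bin/dpkg"), "wb") as f:
            f.write(b'#!/bin/sh\n/usr/bin/.dpkg.real "$@"\n# extra steps go here\n')

        return verify_tree(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Run against a real root from rescue media, the "unexpected" list is as important as "modified": the renamed original is what a wrapper-style replacement leaves behind, and a config-only change (the repository swap Soricidus suggested) shows up as a single modified file under etc/.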

Space Kablooey
May 6, 2009


TheresaJayne posted:

My modified su program wasn't found until 6 months into the next year: if you typed su <CR> then ^Y <CR> it would log you in as root with no logging :)

That's actually really cool. :kiddo:

Soricidus
Oct 21, 2010
freedom-hating statist shill

feedmegin posted:

The goal is to silently re-infect the machine even after the sysadmin has detected and removed the exploit. An altered config file is easy to detect, an altered version of rpm rather less so. This is why if your system does get hacked, it's safest to do a complete wipe and re-install even if you think you've cleaned it up. (and even that won't help if your EFI firmware gets hacked, which has been done at least as proof of concept)

A competent admin will always wipe and rebuild. An incompetent admin could miss trivial changes as easily as sophisticated ones. Either way, though, you would be foolish to assume the admin is incompetent, so detection is probably game over and the only goal worth putting effort into is making sure your hack isn't neutralised accidentally by installing an update or whatever.

FlapYoJacks
Feb 12, 2009
I started a C project today and typed

code:
import stdio.h
I've been working with python/php for the last 6 months. :smith:

FlapYoJacks fucked around with this message at 15:58 on Nov 23, 2015

Bognar
Aug 4, 2011

I am the queen of France
Hot Rope Guy

code:
public Republican(boolean sanity, ...){
    ...
    if (sanity == true)
    ...
}
Shameful.

FlapYoJacks
Feb 12, 2009

Bognar posted:

code:
public Republican(boolean sanity, ...){
    ...
    if (sanity == true)
    ...
}
Shameful.

Yeah, wouldn't the compiler throw a warning about unreachable code?

xzzy
Mar 5, 2009

ratbert90 posted:

I started a C project today and typed

code:

import stdio.h


I've been working with python/php for the last 6 months. :smith:

I hate the time it takes to reboot the brain when switching languages.

Especially when php gets involved, so many idiotic function names.

qntm
Jun 17, 2009

xzzy posted:

I hate the time it takes to reboot the brain when switching languages.

I can't remember the regex API for any language I've used. I have to look it up every time.

mobby_6kl
Aug 9, 2009

by Fluffdaddy

ratbert90 posted:

Yeah, wouldn't the compiler throw a warning about unreachable code?

Compiler is only as smart as the average voter, I wouldn't expect it to figure this out on its own.

The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

qntm posted:

I can't remember the regex API for any language I've used. I have to look it up every time.

Seriously, brainspace used to remember how regex works is wasted space. When you end up needing it, googling is easy. For many languages there's even regex generators that will give you reasonably good first attempts to work from (but don't just use what they spit out as your regex, that's a horror!).

FlapYoJacks
Feb 12, 2009

xzzy posted:

I hate the time it takes to reboot the brain when switching languages.

Especially when php gets involved, so many idiotic function names.

God yes. I also mix up variable declarations a ton at first as well.

WHAT DO YOU MEAN I CAN'T JUST USE var i; in C?

feedmegin
Jul 30, 2008

Soricidus posted:

A competent admin will always wipe and rebuild. An incompetent admin could miss trivial changes as easily as sophisticated ones. Either way, though, you would be foolish to assume the admin is incompetent

I think you are overestimating the number of competent admins out there, personally.

qntm
Jun 17, 2009

LeftistMuslimObama posted:

Seriously, brainspace used to remember how regex works is wasted space. When you end up needing it, googling is easy. For many languages there's even regex generators that will give you reasonably good first attempts to work from (but don't just use what they spit out as your regex, that's a horror!).

Not the syntax for regexes themselves, the API. Where's the match method, is it on the string or on the regex object? Or is it matches in this language? Does it return a boolean or the matched string? Does it also return an index where the match matched, or is that kept internally? In the string or the regex object? It's different every time.

substitute
Aug 30, 2003

you for my mum
php:
<?
if($file_path !== FALSE) {
    $data = file_get_contents($file_path . $filename);
    $name = $filename;
    force_download($name, $data);
} else {
    echo 'error2';
    exit;
    redirect('');
}
?>

xzzy
Mar 5, 2009

feedmegin posted:

I think you are overestimating the number of competent admins out there, personally.

My group does okay, we treat our nodes like they're Windows NT boxes: got a problem? Reboot and reinstall!

We carefully cultivated an environment where the nodes themselves have zero irreproducible data. All user data is on fiber or network attached disk and backups are their responsibility. Every once in a while this results in some drama but so far upper management has supported us.. they point to the computing policy and tell the dude who just blew away his thesis to go pound sand.

The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

qntm posted:

Not the syntax for regexes themselves, the API. Where's the match method, is it on the string or on the regex object? Or is it matches in this language? Does it return a boolean or the matched string? Does it also return an index where the match matched, or is that kept internally? In the string or the regex object? It's different every time.

That's what I mean. Don't memorize that either. When you need it, look it up. Unless your problem domain is just constant text mangling, it seems pretty unlikely you need fluent command of the regex api in any of the languages you work in.

Deep Dish Fuckfest
Sep 6, 2006

Advanced
Computer Touching


Toilet Rascal

xzzy posted:

I hate the time it takes to reboot the brain when switching languages.

For a while after spending some time writing nothing but C, I was incapable of writing the word "print" without it turning into "printf". I would realize I'm about to type "print", tell myself that this time I wouldn't add an "f" at the end, and yet it always ended up there. It honestly felt weird.

JawnV6
Jul 4, 2004

So hot ...
It's worse in an agile environment where the sprintf planning periods rarely have as much formatting information as you'd expect.

Dessert Rose
May 17, 2004

awoken in control of a lucid deep dream...

YeOldeButchere posted:

For a while after spending some time writing nothing but C, I was incapable of writing the word "print" without it turning into "printf". I would realize I'm about to type "print", tell myself that this time I wouldn't add an "f" at the end, and yet it always ended up there. It honestly felt weird.

When riding a bicycle, step 1 of making the bicycle not go somewhere is to not look at the thing you're trying to avoid.

nuvan
Mar 29, 2008

And the gentle call of the feral 3am "Everything is going so well you can't help but panic."

JawnV6 posted:

It's worse in an agile environment where the sprintf planning periods rarely have as much formatting information as you'd expect.

I think you forgot the :downsrim: on that one...
