[Coco] Question for those familiar with rbf.mn
Allen Huffman
alsplace at pobox.com
Sat Jan 31 20:54:50 EST 2015
> On Jan 31, 2015, at 1:06 PM, Gene Heskett <gheskett at wdtv.com> wrote:
>
> So my question to all is:
>
> Do you in fact, have anything, anywhere on rbf managed storage, that a
> dir -e reports as the owner being non-zero?
Yep. 0 is super user. When I used to let my Sub-Etha partner on to my system to work on stuff, I darned well made sure he wasn’t super user. :)
Then file permissions are:
Owner Read / Owner Write / Owner Exec / Public Read / Public Write / Public Exec
…we was not owner (not 0) so he could only touch things I made pr pw pe :)
OS-9 past 6809 did the same thing with modules, as well, meaning only the proper person could run something in memory. I do not recall 6809 having that, which is how Terry hacked me one night. I was on my screen, and he was dialed in, and we were both working on code. (I LOVE OS-9!!!) He and I were on the phone, and if something crashed he would ask me to kill it — so I’d do a “PROCS” to see and then kill it off.
That’s how he got me. He wrote a program called “PROCS” that did an “attr pe” on the attr command, and then told me something locked up. I typed “procs” to see what was going on, and nothing happened (i DID see it print “—e-rewr” or something that was unexpected but didn’t realize what was going on). He said, oh, it’s working now…
In that moment, he had gained access to the ATTR command and could then run it to give him more power ;-) Awesome.
A similar stunt happened when I was new at Microware, with my manager at the time taking “revenge” on me for sending something to his Sun OS workstation that I had just learned how to do. He managed to kill off everything on my terminal one by one using a security whole in how Sun OS was set up back then… Good times. (Another prank was sending play commands to all the severs in the training room so they’d all start playing toilet flush sounds.)
But I digress...
--
Allen Huffman - PO Box 22031 - Clive IA 50325 - 515-999-0227 (vmail/TXT only)
Sub-Etha Software - http://www.subethasoftware.com - Established 1990!
Sent from my MacBook.
P.S. Since 4/15/14, I have earned OVER $600 in Amazon gift cards via Swagbucks! Use my link and I get credit:
http://swagbucks.com/refer/allenhuffman
More information about the Coco
mailing list