Vulnerability Development mailing list archives

Re: Kill the DOG and win 100 000 DM


From: //Stany <stany () NOTBSD ORG>
Date: Sun, 5 Nov 2000 16:40:35 -0500

On Mon, 6 Nov 2000, Lincoln Yeoh wrote:
At 10:12 PM 11/4/00 -0000, Talisker wrote:
[...]
I suspect the prize money may draw a few zero-day exploits out of the
woodwork

Well they only have the ports open on the first day.

It only starts to get interesting on the 3rd and 4th days.

Probably more fun to get an evaluation copy or two and mess about with it
for 30 days.

For starters, PitBull is freely available for non-commercial use -
http://www.argusrevolution.com/pitbullsupport.html  I played with it for a
bit, but it is extremely cumbersome in day to day operations on a
multi-user system.

The version that they release for free (PitBull Foundation MU 3.0)
installs only on particular releases of Solaris 7 - 10/98 and 8/99
inclusive - which, IIRC, corresponds to stock Sol 7 as first shipped
through to MU3 of Sol 7. If you install MU 4, or, God forbid, roll on
7_Recommended, you will end up with having to wade through pages and pages
of patch compatibility information to identify if the patch in a
particular revision as you installed it is compatible, or not. This
leads me to believe that some of the exploits might still be possible on a
stock install of free PBF MU 3.0 if it is installed according to the 6
double paged installation guide provided on the web site - libc and ttdb
and comsat exploits in particular. Of course PitBull does provide the
patch cluster with their patches integrated, but I was not cool enough to
have a valid username/password pair for the support section on the
commercial Argus site to download them.

Of course the version that Argus tests will be the commercial one, so
expect it to be fully patched.

More info about patches:
https://www.argus-systems.com/support/updates/sol7.0.sparc/pitbull30.shtml

root password is rather useless to give out as even stock Solaris will not
let one log in over the network as user, same thing is for isso/sa/so
users on PBF MU 3.0, and it's unlikely that there will be any other
accounts.

But such publicity stunts are always useful. You get free media exposure
for spending the premium on the insurance (if insured), or DM100,000 *
probability of hack.

As it stands now, the contest is rather rigged, as while the Argus
engineers who configured the system do understand the differences in
privileges between isso, sa, root and so users that PitBull needs, it is
unlikely that this and other security concepts will be fully grasped by an
average SA deploying the B2 level system, and a misconfigured system will
end up providing fake security.

So in my humble opinion a more representative contest would be if a person
from a .com, with lots of Solaris, or Linux, or NT, or whatever experience
were given the Sun box, a Solaris CD, an Argus CD, a heap of
documentation, and a couple of days to get it running, and then the system
he configured be put up for break-in attempts, because such a contest in
turn would be actually representative of a larger chunk of PitBull
installations in the wild.

Of course Argus will never agree to such a contest, as in that case they
are likely to lose face due to the user mixup.  If they do, I'd have to
agree that they have balls and confidence in their technical writers.

Signed:
//Stany
--
+-------+ Stanislav N Vardomskiy - Procurator Odiosus Ex Infernis[TM] +-------+
| "Backups we have; it's restores that we find tricky." Richard Letts at ASR  |
| This message is powered by JOLT!  For all the sugar and twice the caffeine. |
+--------+ My words are my own.  LARTs are provided free of charge. +---------+

