Vulnerability Development mailing list archives

Re: Kill the DOG and win 100 000 DM


From: "Jeffrey W. Thompson" <thompson () ARGUS-SYSTEMS COM>
Date: Fri, 10 Nov 2000 10:19:02 -0600

Link,

First off, cool nickname! :) I had a friend in college who went by Linky.

I just looked at the rules page, and it looks like they were just going to
give out one account.  I can't say too much about this as I wasn't involved in
the formation of this contest.

In regards to your question about telnet'ing in from localhost, this will not
work.  The reason for this is that your MAC label (ie. TS ALL) is not TS ALL
from your remote login.  Thus when you telnet locally you will have your label
travel with you through STREAMS and you will pick this up from the new
in.telnetd that will be spawned.  If you try and do a -e "TS ALL" you will
simply be booted because the level you are coming in over the network at will
not be TS ALL and thus you will fail.  Ok, that was a twisted little piece of
logic that requires some knowledge to understand.

To break it down:

1) When you connected from the internet you logged in as beaner. Your network
connection from the internet was automatically marked at a different level
than TS ALL.  This was probably Confidential User or something like that.

2) Your MAC level (Con User) will stay with your process and all its children
no matter if you become another user or break a setuid program.

3) All internal data traffic through STREAMS (a mechanism that passes data
around for the network stack and some other things - don't know if you or
others are familiar with it), receives all security information from the
process that sent it.  Also, all data coming in from the network is marked at
the network stack layer (specifically in IP) based on a set of preconfigured
rules.

4) If your process tries to telnet to the local machine its label will be on
the stream and will be used in setting up that network connection.  This will
cause your connection to be at exactly the same level you are at.

5) If you try and pass the -e option to login, it will attempt to log you in
at that level.  However, because your network connection is at a
different level, you will start having MAC failures in STREAMS MAC checks.
This will cause your login attempt to fail.

6) Essentially, if you use the telnet mechanism (or an inetd mechanism for
that matter), you are forced to come in at either the current level of your
process OR if you are coming in externally at the level that a rule set (sorta
like a firewall rule) says your connection is to be at.

In regards to 'ps', it will only show those processes whose MAC label you
dominate.  In other words, if you can read data that is at the level the
process is you are looking at, then you will see the process in the 'ps' list.

Let me know if I can answer anything else, or if you would like more detail.

Cheers,

Jeff

Jeff Thompson
Software Evangelist and Visionary
Argus Systems Group, Inc.

Lincoln Yeoh wrote:

At 03:25 PM 08-11-2000 -0600, Jeffrey W. Thompson wrote:
Hi,

Jay Tribick let me know that you guys were having a discussion of the
PitBull hacking contest going on right now on this list so I thought I
would join and offer myself for questions and whatnot.  To introduce

OK, just curious about a few things:

Wasn't the root password supposed to be published?

What would happen if someone telneted in from localhost and tried to login
as isso -e "TS ALL", and used the correct password?

Does ps show all processes or only certain processes are seen when logged
in as beaner?

Cheerio,
Link.
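The label behaviour Jeff walks through above (labels inherited by child processes and kept across su/setuid, a local connection carrying the client's own label so a login at a different level is refused, and 'ps' listing only processes whose label the viewer dominates) as an added, simplified model. This is illustration code written for this archive page, not PitBull or Argus Systems code; the level names, category set and process table are constructed, and "TS ALL" is modelled as the top level with every category.

```python
"""Toy model of the MAC-label rules described in the thread.
Constructed for illustration; not PitBull/Argus code."""
from dataclasses import dataclass

# Ordered sensitivity levels (constructed; only "TS" and
# "Confidential" are named on the page).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Standard MLS dominance: level is higher or equal AND the
        category set is a superset.  A viewer may read (and so see)
        data and processes whose label it dominates."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


ALL = frozenset({"A", "B", "C"})            # constructed category set
TS_ALL = Label("TOP_SECRET", ALL)           # "TS ALL" in the thread
CON_USER = Label("CONFIDENTIAL")            # "Confidential User"


@dataclass
class Process:
    pid: int
    user: str
    label: Label
    comm: str


def spawn(parent: Process, pid: int, user: str, comm: str) -> Process:
    """Point 2: children inherit the parent's label unchanged, even
    when the user id changes (su, setuid)."""
    return Process(pid, user, parent.label, comm)


def ps(viewer: Label, table: list) -> list:
    """'ps' shows only processes whose label the viewer dominates."""
    return [p for p in table if viewer.dominates(p.label)]


def inbound_connection_label(rules: dict, src: str) -> Label:
    """Points 3 and 6: an external connection is marked by a
    preconfigured rule set keyed on the source, not by the user."""
    return rules.get(src, rules["default"])


def local_telnet_login(client: Process, requested: Label) -> bool:
    """Points 4 and 5: a local connection carries the client's label;
    asking login for any other label fails the STREAMS MAC check."""
    connection_label = client.label
    return requested == connection_label


def demo() -> dict:
    """Build a small constructed process table and exercise the rules."""
    init = Process(1, "root", TS_ALL, "init")
    inetd = Process(50, "root", TS_ALL, "inetd")
    # beaner's session came in from the internet, so its label was set
    # by the network rule set, not by the account.
    rules = {"default": CON_USER}
    beaner_sh = Process(200, "beaner", inbound_connection_label(rules, "198.51.100.7"), "sh")
    beaner_ps = spawn(beaner_sh, 201, "beaner", "ps")
    became_root = spawn(beaner_sh, 202, "root", "su")   # still Con User
    table = [init, inetd, beaner_sh, beaner_ps, became_root]
    return {
        "seen_by_beaner": [p.pid for p in ps(beaner_sh.label, table)],
        "seen_by_ts_all": [p.pid for p in ps(TS_ALL, table)],
        "local_login_ts_all": local_telnet_login(beaner_sh, TS_ALL),
        "local_login_same_level": local_telnet_login(beaner_sh, CON_USER),
        "root_child_label": became_root.label,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes concrete is that the label on the session, not the user name or password, decides both what 'ps' lists and whether a local `-e "TS ALL"` login can succeed; becoming root inside a Confidential User session changes neither.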
