Vulnerability Development mailing list archives
Re: Kill the DOG and win 100 000 DM
From: "Jeffrey W. Thompson" <thompson () ARGUS-SYSTEMS COM>
Date: Fri, 10 Nov 2000 10:19:02 -0600
Link, First off, cool nickname! :) I had a friend in college who went by Linky. I just looked at the rules page, and it looks like they were just going to give out one account. I can't say too much about this as I wasn't involved in the formation of this contest. In regards to your question about telnet'ing in from localhost, this will not work. The reason for this is that you MAC label (ie. TS ALL) is not TS ALL from your remote login. Thus when you telnet locally you will have your label travel with you through STREAMS and you will pick this up from the new in.telnetd that will be spawned. If you try and do a -e "TS ALL" you will simply be booted because the level you are coming in over the network at will not be TS ALL and thus you will fail. Ok, that was a twisted little piece of logic that requires some knowledge to understand. To break it down: 1) When you connected from the internet you logged in as beaner. You network connection from the internet was automatically marked at a different level than TS ALL. This was probably Confidential User or something like that. 2) Your MAC level (Con User) will stay with your process and all its children no matter if you become another user or break a setuid program. 3) All internal data traffic through STREAMS (a mechanism that passes data around for the network stack and some other things - don't know if you or others are familiar with it), receives all security information from the process that sent it. Also, all data coming in from the network is marked at the network stack layer (specifically in IP) based on a set of preconfigured rules. 4) If your process tries to telnet to the local machine its label will be on the stream and will be used in setting up that network connection. This will cause your connection to be at exactly the same level you are at. 5) If you try and pass the -e option to login, it will attempt to log you in at that level. However, because your network connection is at a different level, you will start having MAC failures in STREAMS MAC checks. This will cause your login attempt to fail. 6) Essentially, if you use the telnet mechanism (or an inetd mechanism for that matter), you are forced to come in at either the current level of your process OR if you are coming in externally at the level that a rule set (sorta like a firewall rule) says your connection is to be at. In regards to 'ps', it will only shows those processes whose MAC label you dominate. In other words, if you can read data that is at the level the process is you are looking at, then you will see the process in the 'ps' list. Let me know if I can answer anything else, or if you would like more detail. Cheers, Jeff Jeff Thompson Software Evangelist and Visionary Argus Systems Group, Inc. Lincoln Yeoh wrote:
At 03:25 PM 08-11-2000 -0600, Jeffrey W. Thompson wrote:Hi, Jay Tribick let me know that you guys were having a discussion of the PitBull hacking contest going on right now on this list so I thought I would join and offer myself for questions and whatnot. To introduceOK, just curious about a few things: Wasn't the root password supposed to be published? What would happen if someone telneted in from localhost and tried to login as isso -e "TS ALL", and used the correct password? Does ps show all processes or only certain processes are seen when logged in as beaner? Cheerio, Link.
Current thread:
- Re: Kill the DOG and win 100 000 DM, (continued)
- Re: Kill the DOG and win 100 000 DM Mark (Nov 08)
- Re: Kill the DOG and win 100 000 DM Robert Collins (Nov 08)
- Re: Kill the DOG and win 100 000 DM Scott Fagg (Nov 08)
- Re: Kill the DOG and win 100 000 DM Jon Larimer (Nov 09)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 09)
- Re: Kill the DOG and win 100 000 DM Michael Wojcik (Nov 09)
- Re: Kill the DOG and win 100 000 DM Sherrod, Andrew (Nov 09)
- Re: Kill the DOG and win 100 000 DM Ghory, Zeshan A (Nov 09)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 10)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Mark (Nov 12)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 15)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 15)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)