: Well if thats how Sun folks feel, here's a fun one for most Solaris boxes..
: rsh to a Solaris 2.3/4/5 box you have an account on, using file
: descriptor 0 (ie your stdin) on your application issue ioctl calls for
: things like setting the address of the loopback interface down. ie your
: app is say "fred" rsh localhost fred and you can take down interfaces
: etc.
: Oh dear it works - does it work on your Solaris2 box, did you know
: that Sun were told (by me and a friend) months ago about the bug so I feel
: its their fault not mine if its not fixed.
Oh, it really works...
Another anecdote about Sun "security":
Read /usr/include/rpcsvc/key_prot.x:
/*
* PROOT and MODULUS define the way the Diffie-Hellman key is generated.
*
* MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
* where p is also prime.
*
* PROOT satisfies the following two conditions:
* (1) (PROOT ** 2) % MODULUS != 1
* (2) (PROOT ** p) % MODULUS != 1
*
*/
const PROOT = 3;
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
Well, we will not believe to Sun engineers and check it.
Oh, they lied! Really, good generator would be 2, but
"wise" Sun engineers decided, that number theory is wrong
(2 is suspicious number, is not it? 8)8) ), and choosed 3.
It was plain luck, that 3 is only quadratic residue modulo MODULUS,
so that they killed only half of security.
I spent week(!) searching for bug in gmp library
and now I know:
NEVER BELIEVE SUN ENGINEERS.
Well, Sun erroneously published a part of their code
(f.e. RPC), so that everybody can look at it and make sure,
that Solaris works only by a lucky chance 8)
Alexey Kuznetsov.