Sam Trenholme's webpage
This article was posted to the Usenet group alt.hackers in 1995; any technical information is probably outdated.


Article: 7452 of alt.hackers
From: (Sam Trenholme)
Newsgroups: alt.hackers
Subject: Re: TEST
Date: 27 Feb 1995 06:28:33 GMT
Organization: LLNL Laser Modeling & Optimization
Lines: 30
Approved: Looking for a girl named Denise who goes to UCSC
Distribution: inet
Message-ID: 3irreh$
Status: RO


Didn't work. The ObHack somehow got cut off. Must be some bug in your
posting program.


This Post. (Just Kidding)


I wanted to make this machine here immune to packet-sniffing attacks,
since I regularly log in to this machine through BARNET. The sysadmin
here didn't feel that SKEY was necessary... since I'm the only person on
this machine who logs into it remotely. Fortunatly, I had write
permission on my login shell, since it's tcsh, which I installed myself
as a user (it's in ~/bin, not /usr/local/bin). So I replaced tcsh with a
program I wrote myself, which generates a one-time password, and will
only execute a real shell if you type in the correct one-time password.
Since my shell is not in /etc/shells, a cracker can't get in through
FTP-- the FTP daemon thinks I have a "sorry" shell.

I'll mail it to anyone who wants it-- it's still a hack. For example, it
core dumps if it doesn't see certain files in your home directory. The
program obviously needs work before I post it to comp.sources.unix

Sorry if that didn't make any sense to those of you out there who aren't
hopeless UNIX junkies.
Sam Trenholme-finger



Back to index