Subject: Re: evil? sshd patch
To: Hubert Feyrer <hubert.feyrer@rz.uni-regensburg.de>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 11/03/1999 12:40:36
Date: Wed, 3 Nov 1999 12:40:36 -0500
Cc: "Kevin P. Neal" <kpneal@pobox.com>, tech-security@netbsd.org
Message-ID: <19991103124036.A22951@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
References: <19991103121756.A22768@noc.untraceable.net> <Pine.GSO.4.05.9911031835300.13112-100000@rfhs8036>
In-Reply-To: <Pine.GSO.4.05.9911031835300.13112-100000@rfhs8036>; from feyrer@rfhs8012.fh-regensburg.de on Wed, Nov 03, 1999 at 06:35:42PM +0100
>> or do you know someone who changed the root uid as well? :)
>
>I don't think that's possible.
sure it is. all you have to do is
(1) #define ROOT_UID to something else in a header file somewhere...
(2) change *all* the code that says if (!uid) or something equivalent
to if (uid != ROOT_UID).
then changing the root uid from zero is trivial. it's just the amount
of work that's involved that's monumental. oh, and you'd probably
have a lot of trouble interoperating with other systems. :)
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
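
The audit behind step (2), as an added example that is not part of the original message: a small Python scanner that flags hard-coded uid-zero tests in C source and proposes a rewrite against the ROOT_UID macro named above. The regular expressions, the function name find_root_checks and the sample C lines are assumptions constructed for illustration.

```python
import re

# Constructed sample input: C fragments with the kinds of hard-coded
# uid-zero tests that step (2) would have to find and rewrite.
SAMPLE_C = """\
if (!uid)
    return allow();
if (geteuid() != 0)
    errx(1, "must be root");
if (pw->pw_uid == 0 && !permit_root)
    deny();
if (cred->cr_uid == ROOT_UID)
    ok();
if (!getuid()) setup();
if (uid != 1000) skip();
"""

# An expression whose name ends in "uid": uid, pw->pw_uid, geteuid(), ...
UID_EXPR = r"(?:\w+(?:->|\.))*\w*uid(?:\(\))?"
# "!uid" is true when uid is 0, so the rewrite is "uid == ROOT_UID".
# The lookahead skips calls with arguments such as !setuid(0).
NEGATED = re.compile(r"!\s*(" + UID_EXPR + r")(?![\w(])")
# "uid == 0" / "uid != 0": keep the operator, swap the literal 0.
COMPARED = re.compile(r"(" + UID_EXPR + r")\s*(==|!=)\s*0\b")


def find_root_checks(source):
    """Return (line_no, found, suggested) for each implicit uid-0 test."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in NEGATED.finditer(line):
            hits.append((no, m.group(0), f"{m.group(1)} == ROOT_UID"))
        for m in COMPARED.finditer(line):
            hits.append((no, m.group(0),
                         f"{m.group(1)} {m.group(2)} ROOT_UID"))
    return hits


if __name__ == "__main__":
    for no, found, suggested in find_root_checks(SAMPLE_C):
        print(f"line {no}: {found!r} -> {suggested!r}")
```

A textual scan like this only catches direct comparisons; a uid copied into another variable, passed through a macro, or tested as a bare truth value still needs manual review.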