[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference noted::hackers_v1

Title:-={ H A C K E R S }=-
Notice:Write locked - see NOTED::HACKERS
Moderator:DIEHRD::MORRIS
Created:Thu Feb 20 1986
Last Modified:Mon Aug 03 1992
Last Successful Update:Fri Jun 06 1997
Number of topics:680
Total number of notes:5456

555.0. "Side effects of changing username?" by OASS::M_HYDE (hanging on in quiet desperation) Thu Sep 17 1987 12:26

        I have a little macro program that changes the username of
        a process. You know, run the program and now instead of M_HYDE
        I'm H_ACKER.
        
        It appears to just plug the new username into the JIB
        (JIB$T_USERNAME).  My question is what are the potential
        effects of this on the normal running of the system if you
        change your username for a while.  No hacking, etc., just
        change the username, then read mail, read notes, write some
        code, etc.  Some effects are obvious such as the new username
        being used on notes that you write etc.  Are there any hidden
        effects, screwed up accounting records, etc.
        
        Thanks for your thoughts.
        
        mark
T.RTitleUserPersonal
Name		DateLines
555.1A few side effects...BEES::SCHLIESMANNShoe horns don't work in a crowdThu Sep 17 1987 13:249
Ayn accounting that is recorded while the process has the bogus username
set will use the bogus username.

Any image that verifies the existence of a user in SYSUAF.DAT will fail
if you are not set to a valid username (ie. can't read mail, use Allin1...)

If you set your username to a name that is valid (but not you), you will
be acting as that user. (send mail as that user, write notes as that user,
etc).
555.2Changing UsernameFOO::BHAVNANIThe dome is unclimbable.Fri Sep 18 1987 05:2017
	Re .0, could you post the .MAR rtn here?  Do you need special
	privs  to  change  your username?  .1 mentioned that you must
	select  a  valid username - if the rtn looks up the sysuaf, I
	suppose  the  process  running  the  rtn must require certain
	privs  to  do  this,  assuming  of course that the pgm is not
	installed with privs.

	Also,  since  the  sysuaf  is looked at, does one inherit any
	privs  or  quotas of the bogus username?  That could prove to
	be very dangerous to say the least.

	If  you'd  rather  not  post  the  rtn here, pl. send mail to
	FOO::{SYSTEM,BHAVNANI}.


	Tnx much,
	/ravi
555.3This has been done before.FROST::HARRIMANI've heard this song beforeFri Sep 18 1987 15:549
    
    See also 30.12 - although that routine is missing it's SETIPL and
    occasionally crash your system - read more in 30.* for that....
    
    You most certainly need some kind of privilege (CMKRNL specifically)
    to mung anything in the kernel. I would not install this on anything
    with more than one user (read: I would not install this on anything)
    
    /pjh
555.4Never had a problem, 'cuz I follow the rulesMDVAX3::COARMy hero? Vax Headroom, of course!Thu Dec 17 1987 17:5217
    In addition, by changing your username to that of another valid
    user, you will be allowed to READ that person's mail, so watch out.
    
    Batch and print jobs will go into the queues under your old username,
    as will (I think) accouting records - unless you also hit
    CTL$T_USERNAME (or whatever it's called).  The P1 cell is what the
    $SNDJBC routines use, and the image rundown accounting too, I'm
    pretty sure.
    
    I've got a version of this written in BLISS that looks like
    
    	$ SETJOB /FIELD={ACCOUNT|USERNAME} /SCOPE={PROCESS|JOB} newvalue
    
    I've used it for years without a single problem.  I SETIPL to SYNCH
    before doing anything, naturally.  CMKRNL is all you need.
    
    #ken	:-)}