[Purdue-pm] security exploits

Budzik, Michael J. mikeb at purdue.edu
Tue Jan 20 11:29:19 PST 2009


Dave sez:
> I was here when they started up PLUG, the campus Linux group, and one
of 
> the first meetings had the president showing off his fancy SGI box. He

> had a CGI program that would show certain system data on it. He said
it 
> was secure. I tried it, in front of the LUG and everybody. I got it to

> show /etc/passwd with a simple injection attack. And this was in the
bad 
> old days before shadow passwords.

That *would* be embarrassing.  Let's be clear.  If this happened, it
wasn't at one of the first meetings of Plug.  I would remember a fail
like that, and as the founding VP (1995 *if* memory serves), I can
assure you that Matt (the founding Prez) never had an SGI box.  The next
Prez didn't have an SGI either.

I think your timeline (or memory) is off.  I'm going to assume it was a
more recent PLUG prez (they don't make 'em like they used to).  I just
wanted to defend Matt's good name.  

Hey, I'm no longer a lurker!  Bummer that it was off topic.

Mike B


More information about the Purdue-pm mailing list