Trap door is another security hole caused by an insider.
Basically trap door is created by computer code that is inserted into the computer system by a system programmer just to bypass some
normal check.
To understand about trap door, let's consider an example, a system programmer could add the computer code to the login program just to
allow anyone to log in using the login name "codescracker", no matter here about what was in the password file.
The normal code in login program might look like the following code:
while(TRUE)
{
printf("Login ID: ");
get_string(login_id);
disable_echoing();
printf("Password: ");
get_string(login_password);
enable_echoing();
v = check_validity(login_id, login_password);
if(v)
break;
}
execute_shell(login_id);
Now, the trap door would be the change to the following code:
while(TRUE)
{
printf("Login ID: ");
get_string(login_id);
disable_echoing();
printf("Password: ");
get_string(login_password);
enable_echoing();
v = check_validity(login_id, login_password);
if(v || strcmp(login_id, "codescracker") == 0)
break;
}
execute_shell(login_id);
Here, in the above trap door code, the call to the function strcmp is just to check whether the login name is "codescracker" or not.
If the login name is codescracker, then the login attempt succeeds and if the login name
is not codescracker, then the login attempt doesn't succeeds.
Here, it doesn't matter what password is typed.
Now, if this trap door code were inserted by a system programmer working for a computer manufacturer and then shipped with its computer,
then the programmer could log into any computer system made by his/her company, no matter who the owner is and what was in the password
file.
The trap door is used to bypass the whole authentication process.
Operating System Online Test
« Previous Tutorial
Next Tutorial »
