Trap Door in Operating System

Another security breach that an insider is responsible for is the presence of trap doors. In its most fundamental form, a trap door is generated by computer code that is deliberately introduced into a computer system by a system programmer for the sole purpose of sidestepping some standard security checks.

Let's take a look at an example to better understand what trap doors are. It was possible for a system programmer to add computer code to the login program that would make it possible for anyone to log in using the login name "codescracker," regardless of the password that was stored in the password file.

The following is an example of how the normal code in the login program might look:

while(TRUE)
{
   printf("Login ID: ");
   get_string(login_id);
   disable_echoing();
   printf("Password: ");
   get_string(login_password);
   enable_echoing();
   v = check_validity(login_id, login_password);
   if(v)
      break;
}
execute_shell(login_id);

The code for the trap door would now look like this after the change:

while(TRUE)
{
   printf("Login ID: ");
   get_string(login_id);
   disable_echoing();
   printf("Password: ");
   get_string(login_password);
   enable_echoing();
   v = check_validity(login_id, login_password);
   if(v || strcmp(login_id, "codescracker") == 0)
      break;
}
execute_shell(login_id);

The sole purpose of the call to the function strcmp() in the code for the trap door that was just presented is to determine whether or not the login name contains the word "codescracker."

If the login name is codescracker, then the attempt to log in is successful; however, if the login name is anything other than codescracker, then the attempt to log in is unsuccessful. It doesn't make a difference here what password is entered.

Now, if this trap door code were inserted by a system programmer working for a computer manufacturer and then shipped with its computer, then the programmer would be able to log into any computer system made by his or her company, regardless of who the owner is or what was contained in the password file.

Bypassing the entire authentication process can be accomplished through the trap door.

The term "trapdoor" refers to a person (usually a hacker) who is able to enter your system without going through the authentication process or your system's security measures. In some circles, it is also referred to as the back door. In a similar manner, if a thief were to break into a house in the real world, they would most likely enter through the back door in order to gain access to whatever it was they desired to steal. Hackers circumvent authentication procedures in order to gain access to computer systems in a manner analogous to that seen in the physical world.

Operating System Quiz


« Previous Topic Next Topic »

Follow/Like Us on Facebook




Subscribe Us on YouTube