Date: Tue, 25 Jun 1996 03:55:55 -0500 From: "Bradley Dunn" <dunn@harborcom.net> To: -Vince- <vince@mercury.gaianet.net> Cc: security@FreeBSD.org Subject: Re: I need help on this one - please help me track this guy Message-ID: <199606250800.EAA05731@ns2.harborcom.net>
next in thread | raw e-mail | index | archive | help
[CC header trimmed, once again] On 24 Jun 96 at 23:46, -Vince- wrote: > > > > 2) The Cracker made a trojan script somewhere (usually exploiting > > > > some admins (roots) who have "." in their path). This way he creates > > > > a script that when run as root will make him a suid program. > > > > after this he has you by tender bits. > > > > > > Hmmm, doesn't everyone have . as their path since all . does is allow > > > someone to run stuff from the current directory... > > > > Not root! this leaves you wide open for trojans. As root you should > > have to type ./foo to run foo in the current directory. > > Hmmm, really? It seems like almost all systems root has . for the > path but if the directory for root is like read, write, execute by root > only, how will they get into it? *Sigh*. This is turning into elementary sysadmin class. If you are going to admin a system with over 1000 users, you need to learn to think security issues through. If "." is in the path, the cracker can put a trojan horse in some directory where he *can* write, and he will name it something he hopes the unsuspecting admin will execute while root. Bradley Dunn <dunn@harborcom.net>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606250800.EAA05731>