Date:      Tue, 25 Jun 1996 01:32:31 -0700 (PDT)
From:      -Vince- <vince@mercury.gaianet.net>
To:        Bradley Dunn <dunn@harborcom.net>
Cc:        security@FreeBSD.org, jbhunt <jbhunt@mercury.gaianet.net>, Chad Shackley <chad@mercury.gaianet.net>
Subject:   Re: I need help on this one - please help me track this guy
Message-ID:  <Pine.BSF.3.91.960625013118.21697k-100000@mercury.gaianet.net>
In-Reply-To: <199606250800.EAA05731@ns2.harborcom.net>

On Tue, 25 Jun 1996, Bradley Dunn wrote:

> [CC header trimmed, once again]
> 
> On 24 Jun 96 at 23:46, -Vince- wrote:
> 
> > > > > 2) The Cracker made a trojan script somewhere (usually exploiting
> > > > >    some admins (roots) who have "." in their path). This way he creates
> > > > >    a script that when run as root will make him a suid program.
> > > > >    after this he has you by tender bits.
> > > > 
> > > > 	Hmmm, doesn't everyone have . as their path since all . does is allow
> > > > someone to run stuff from the current directory...
> > > 
> > > Not root! this leaves you wide open for trojans. As root you should
> > > have to type ./foo to run foo in the current directory.
> > 
> > 	Hmmm, really?  It seems like almost all systems root has . for the
> > path but if the directory for root is like read, write, execute by root
> > only, how will they get into it?
> 
> *Sigh*. This is turning into elementary sysadmin class. If you are 
> going to admin a system with over 1000 users, you need to learn to 
> think security issues through. If "." is in the path, the cracker can 
> put a trojan horse in some directory where he *can* write, and he 
> will name it something he hopes the unsuspecting admin will execute 
> while root.

	Well, the problem here is one of the admins knows the user and he 
was watching him just run the program himself, the root user had nothing 
to do with executing anything...

Vince
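
The trojan discussed in the quoted text only works when the shell searches the current directory or a directory the cracker can write to. As an added example (not part of the original message), the check below audits a PATH string for such entries; it goes slightly beyond the thread by also flagging empty entries, which the shell treats as ".", and group- or world-writable directories. `audit_path` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. audit_path is a hypothetical helper name, not a system tool.
# Prints one line per risky PATH entry; returns 1 if any were found.
audit_path() {
    rest="$1:"          # trailing colon so a final empty entry is still seen
    risky=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '')
                # "::", a leading ":" or a trailing ":" all mean "current directory"
                echo "RISK: empty entry (same as \".\")"
                risky=1 ;;
            /*)
                [ -d "$entry" ] || continue
                # Mode string from ls, e.g. drwxr-xr-x; -L follows symlinks
                mode=$(ls -ldL "$entry" 2>/dev/null | cut -c1-10)
                case $mode in
                    ?????w*|????????w*)
                        echo "RISK: $entry is group- or world-writable ($mode)"
                        risky=1 ;;
                esac ;;
            *)
                # ".", "..", "bin", "./tools": resolved against the cwd
                echo "RISK: relative entry \"$entry\""
                risky=1 ;;
        esac
    done
    return "$risky"
}

# Check the PATH of whoever runs this (run it as root to check root's PATH)
audit_path "$PATH" || echo "PATH has entries that should be removed or locked down"
```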