Date: Wed, 25 Jul 2001 08:36:31 +0200 (CEST)
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To: David G Andersen <danderse@cs.utah.edu>
Cc: Peter Pentchev <roam@orbitel.bg>, Jon Loeliger <jdl@jdl.com>, security@FreeBSD.ORG
Subject: Re: Security Check Diffs Question
Message-ID: <Pine.BSF.4.21.0107250806460.1102-100000@lhotse.zaraska.dhs.org>
In-Reply-To: <200107242359.f6ONx9U09628@faith.cs.utah.edu>

On Tue, 24 Jul 2001, David G Andersen wrote:

> It's probably a simple trojan with a pretty interface on it that
> says, (if username == "root", ask for their password. If crypt(input) ==
> that stored password, grant access to the system).

I agree that this is the way this thing should work, but I was wondering: I string the original ypchfn and I see a bunch of lines like "no uid for %s" resembling arguments for printf(), so I guess that is ypchfn's user interface. But in this trojan I can see neither these lines nor anything resembling a path to the original ypchfn.

So, my question is: how does it masquerade to the user as the original ypchfn without having its user interface inside? Or, maybe, the trojan contains a ypchfn-like user interface but it cannot be seen by running strings on it?