[ale] hackers and thier methods
Chris Fowler
cfowler at outpostsentinel.com
Tue Feb 19 19:37:27 EST 2002
,If I
am correct. VI allows shell execution. For instance. Lets
assume ythat bob is only allowed to run vi and
edit a file. That is all.
<FONT face=Tahoma
size=2>Â
In his shell script
or in the passwd file you would have something like this
<FONT face=Tahoma
size=2>Â
<FONT face=Tahoma
size=2>Â
exec /bin/vi
/usr/data/daily_report
<FONT face=Tahoma
size=2>Â
Bob will login
every day edit the daily report and cron will send it out to
everyone.
<FONT face=Tahoma
size=2>Â
Bob gets
crafty. In vi he does :!/bin/ksh. Now bob has a shell.Â
Ouch. What more can bob do? Little things like that can cause
problems.
<FONT face=Tahoma
size=2>Â
 <SPAN
class=820553400-20022002>
Â
 -----Original
Message-----From: Stephen Turner
[mailto:artic_knight at yahoo.com]Sent: Tuesday, February 19, 2002 5:43
PMTo: ale at ale.orgSubject: [ale] hackers and thier
methods
so i remove all these packages from my box, should i bother
removing vi? it offers no hacks as i see it but i suppose my REAL
question is, can a linux hacker or someone hacking linux run programs outside
of your box that will configure, alter the box? or do you have to add programs
such as a text editor in order to alter text? and what stops them from
installing or "planting" them on my server?
Do You Yahoo!?Yahoo!
Sports - Coverage of the 2002 Olympic Games
More information about the Ale
mailing list