chapter 6, installing kernel headers

Don Smith don_smith at att.net
Sun Jan 19 11:24:25 PST 2003


Gerard Beekmans wrote:
> 
> On January 17, 2003 04:29 am, Richard Lightman wrote:
> > Better still, do not ever extract tar archives as root:
> >
> > [root at urusai root]# echo -e '#! /bin/bash\necho Not trojanned' >/bin/trojan
> > [root at urusai root]# chmod 755 /bin/trojan
> > [root at urusai root]# trojan
> > Not trojanned
> > [root at urusai root]# tar -t </var/tmp/crack.tar
> > crack/
> > crack/bin
> > crack/bin/trojan
> > [root at urusai root]# tar -x </var/tmp/crack.tar
> > [root at urusai root]# trojan
> > #! /bin/cat
> >
> > This is the trojanned version
> > [root at urusai root]#
> 
> So ./crack/bin is in your $PATH then?

His example is off. I think he is saying someone could append a
trojanned /bin/ls to any tarball and if you extract that tarball as
root, the trojanned ls would end up in your /bin. Probably a good idea
to not extract things as root.

Don
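A pre-extraction check for the risk discussed in this thread, added here as an example (it is not code from any of the posters). `audit_tar`, `constructed_sample` and the `/srv/unpack` destination are hypothetical names, and the sample assumes the `crack/bin` entry in the quoted listing is a symbolic link, which the thread does not state.

```python
import io
import posixpath
import tarfile


def _inside(path, dest):
    return path == dest or path.startswith(dest + "/")


def audit_tar(fileobj, dest="/srv/unpack"):
    """List (member, reason) pairs for entries that would land outside dest."""
    findings = []
    escaping = set()  # symlink members whose target lies outside dest
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            # join() discards dest when m.name is absolute, so that case fails _inside too
            path = posixpath.normpath(posixpath.join(dest, m.name))
            if not _inside(path, dest):
                findings.append((m.name, "path resolves outside destination"))
                continue
            parent = posixpath.dirname(path)
            while parent.startswith(dest + "/") and parent not in escaping:
                parent = posixpath.dirname(parent)
            if parent in escaping:
                findings.append((m.name, "written through an archived symlink"))
            if m.issym() or m.islnk():
                # symlink targets are relative to the link, hard links to the archive root
                base = posixpath.dirname(path) if m.issym() else dest
                target = posixpath.normpath(posixpath.join(base, m.linkname))
                if not _inside(target, dest):
                    findings.append((m.name, "link points outside destination"))
                    if m.issym():
                        escaping.add(path)
    return findings


def constructed_sample():
    """Constructed archive: the thread's listing (crack/bin assumed a symlink) plus /bin/ls."""
    entries = [("crack", tarfile.DIRTYPE, ""), ("crack/README", tarfile.REGTYPE, ""),
               ("crack/bin", tarfile.SYMTYPE, "/bin"), ("crack/bin/trojan", tarfile.REGTYPE, ""),
               ("/bin/ls", tarfile.REGTYPE, "")]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, link in entries:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tar.addfile(info)  # zero-length placeholder body
    return io.BytesIO(buf.getvalue())
```

Run `audit_tar` on an archive before unpacking it and refuse to extract if the returned list is not empty.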