Full Disclosure mailing list archives

Re: Plague Proof of Concept Linux backdoor


From: Rik Bobbaers <Rik.Bobbaers () cc kuleuven be>
Date: Mon, 23 Oct 2006 14:15:40 +0200

hijacker () oldum net wrote:
> Hello Rik,
> and how on earth can you make "root" run that piece of code? Do you have
> to specify it in the README section that it is mandatory to run that as
> root in order the "new" application root will be installing to run as
> expected?
<snip>

very simple, YOU own the box and place the backdoor like that
or you make root execute your code one way or another.

point was: it looks rather ... normal, doesn't immediately catch the eye 
as being a backdoor

-- 
harry
aka Rik Bobbaers

K.U.Leuven - LUDIT          -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven be -=- http://harry.ulyssis.org

thinking always leads to conclusions... and those can be extremely dangerous
-- me ;)

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

