[Full-disclosure] Plague Proof of Concept Linux backdoor
Rik Bobbaers
Rik.Bobbaers at cc.kuleuven.be
Mon Oct 23 13:15:40 BST 2006
hijacker at oldum.net wrote:
> Hello Rik,
> and how on earth can you make "root" run that piece of code? Do you have
> to specify it in the README section that it is mandatory to run that as
> root in order the "new" application root will be installing to run as
> expected?
<snip>
very simple, YOU own the box and place the backdoor like that
or you make root execute your code one way or another.
point was: it looks rather ... normal, doesn't immediately catch the eye
as being a backdoor
--
harry
aka Rik Bobbaers
K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50
Rik.Bobbaers at cc.kuleuven.be -=- http://harry.ulyssis.org
thinking always leads to conclusions... and those can be extremely dangerous
-- me ;)
Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Full-Disclosure is hosted and sponsored by Secunia.