[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] hackers and thier methods

Subject: [ale] hackers and thier methods
From: cfowler at outpostsentinel.com (Chris Fowler)
Date: Tue, 19 Feb 2002 19:37:27 -0500


,If I 
am correct.?? VI allows shell execution.?? For instance.?? Lets 
assume ythat bob is only allowed to run vi and 
edit a file.?? That is all.
<FONT face=Tahoma 
size=2>??
In his shell script 
or in the passwd file you would have something like this
<FONT face=Tahoma 
size=2>??
<FONT face=Tahoma 
size=2>??
exec /bin/vi 
/usr/data/daily_report
<FONT face=Tahoma 
size=2>??
Bob will login 
every day edit the daily report and cron will send it out to 
everyone.
<FONT face=Tahoma 
size=2>??
Bob gets 
crafty.?? In vi?? he does :!/bin/ksh.?? Now bob has a shell.?? 
Ouch.?? What more can bob do??? Little things like that can cause 
problems.
<FONT face=Tahoma 
size=2>??
??<SPAN 
class=820553400-20022002>
??
??-----Original 
Message-----From: Stephen Turner 
[mailto:artic_knight at yahoo.com]Sent: Tuesday, February 19, 2002 5:43 
PMTo: ale at ale.orgSubject: [ale] hackers and thier 
methods
so i remove all these packages from my box, should i bother 
  removing vi? it offers no hacks as i see it but??i suppose my REAL 
  question is, can a linux hacker or someone hacking linux run programs outside 
  of your box that will configure, alter the box? or do you have to add programs 
  such as a text editor in order to alter text? and what stops them from 
  installing or "planting" them on my server?
  
  
  Do You Yahoo!?Yahoo! 
  Sports - Coverage of the 2002 Olympic Games

Prev by Date: [ale] suggested kernel?
Next by Date: [ale] hackers and thier methods
Previous by thread: [ale] hackers and thier methods
Next by thread: [ale] hackers and thier methods
Index(es):
- Date
- Thread