Hello Rik, and how on earth can you make "root" run that piece of code? Do you have to specify it in the README section that it is mandatory to run that as root in order the "new" application root will be installing to run as expected?
Indeed, it is hard to tell what it actually does... unless you open your eyes and see sed 's/root/something/g' somewhere. Either way, installing from hundreds of source files, can make even the best sys admin to not notice that part of the source code of the BACKDOOR-contagious application! bad PLAGUE! bad intentions! bad people possibly putting that where root is messing. cheers, -nik > [EMAIL PROTECTED] wrote: >> Are you saying I just injected my system with an account with root >> access >> hiding somewhere? Please, clarify. > > as you can tell by the subject, this is a BACKDOOR, you run it as root, > and yes, than it works and creates a "new root" account > > you ran it as a normal user, so it won't work (you can't read > /etc/shadow as normal user (du'uh)) > > grtz, > > -- > harry > aka Rik Bobbaers > > K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 > [EMAIL PROTECTED] -=- http://harry.ulyssis.org > > thinking always leads to conclusions... and those can be extremely > dangerous > -- me ;) > > Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
