I'd prefer if the exploit wasn't posted on the mailing list or the web pages. We'd be accused of promoting that sort of thing, which I don't want to do - especially in the current political climate.
He can mail it to the individuals who really want to see it. --Bruce Michael O'Donnell wrote: > >Is there an easy way to tee the $HISTFILE to more than one location? > > I believe that BASH history is only updated when > the session ends rather than continuously during the > session, so any session in which somebody messes with > history logging will likely not be recorded. > > That being said, it might be possible (just thinking > out loud here) to make your history file a named > pipe (ie. FIFO). Then maybe some watcher-process > could stare at it and copy any updates to the "safe" > destination of your choice, preferably on another > machine. If the bad guys delete the pipe this > approach could fails, though, unless you also have > that watcher-process silently put things back the > way you want them if it notices that the attributes > of the history file have changed. > > > Also, if there's a perl/networking guru, I'm looking to re-write > > the trojan to look like it's working, but instead be logging the > > intruder's actions, IP, etc. It's a simple backdoor (only about 2.5 > > pages printed), so I might even be able to figure it out myself... > > Post a copy of the original here, please - it sounds interesting. > > Regards, > ---------------------------------------- > Michael O'Donnell [EMAIL PROTECTED] > ---------------------------------------- > > ########################################### > # This transmission has not been approved # > # by the Office of Homeland Security. # > ########################################### > > ***************************************************************** > To unsubscribe from this list, send mail to [EMAIL PROTECTED] > with the text 'unsubscribe gnhlug' in the message body. > ***************************************************************** -- For the latest local Linux news, go to http://www.gnhlug.org/ . For the latest CodeMeta news, go to http://www.codemeta.com/news . For my personal news, go to http://www.milessmithfarm.net/news . ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
