On Tue, 1 Sep 1998, Kenneth Stephen wrote:
> Mike wrote:
>
> > There are circumstances where you can write to a user's home directory but
> > could not read the passwd file without being noticed...
> >
>
> Could you give me an example of this?
>
Senario:
Hacker has compromised user fred's account, and is doing nasty things with
it
root is logged in on the console
root knows fred and knows that he is unlikely to be logged in atm
If the hacker creates a quick script in fred's homedir, and logs out -
taking a fraction of a second in total, root will not notice. If he tries
to mail the passwd file it will almost definately generate logs, which
root will notice (if they appear on the console, or on a printer) - and
the hacker would be detected.
--
Mike <[EMAIL PROTECTED]>
"Well, if you can't believe what you read in a comic book, what *can*
you believe?!"
-- Bullwinkle J. Moose
