On Wed, 2 Sep 1998, Mike wrote:
> Date: Wed, 2 Sep 1998 19:43:37 +0100 (GMT)
> From: Mike <[EMAIL PROTECTED]>
> Reply-To: Mike Ricketts <[EMAIL PROTECTED]>
> To: Kenneth Stephen <[EMAIL PROTECTED]>
> Cc: linux-newbie <[EMAIL PROTECTED]>
> Subject: Re: Correctness of the newbie FAQ
>
> On Tue, 1 Sep 1998, Kenneth Stephen wrote:
>
> > Mike wrote:
> >
> > > There are circumstances where you can write to a user's home directory but
> > > could not read the passwd file without being noticed...
> > >
> >
> > Could you give me an example of this?
> >
> Senario:
> Hacker has compromised user fred's account, and is doing nasty things with
> it
> root is logged in on the console
> root knows fred and knows that he is unlikely to be logged in atm
>
> If the hacker creates a quick script in fred's homedir, and logs out -
> taking a fraction of a second in total, root will not notice. If he tries
> to mail the passwd file it will almost definately generate logs, which
> root will notice (if they appear on the console, or on a printer) - and
> the hacker would be detected.
I personaly don't think every sysadmin is gonna read the logs of the night
when he starts work. With <10 users, that could be done, but with over a
100 users, that's an impossible job.
And why would mailing the password file be logged ? All that gets logged
is a mail from user fred to some other e-mail address on the net.
(as a result from doing `cat /etc/passwd | mail [EMAIL PROTECTED]`)
Nothing strange about yet another e-mail being sent out, or is there ?
(and then I'm not talking about the fact that most systems have shadow
nowadays...)
Karel Bemelmans
----------------
Student Information Technology Maastricht
PO Box 616, 6200 MD Maastricht NL
tel.: xx32 (0)-11-253953
e-mail: [EMAIL PROTECTED]
web: http://www.narfum.org
