John W. Lemons III <[EMAIL PROTECTED]> wrote:
> >Good. Now check for all the other places it could be in :>
>
> I did an ls -alR | grep... and it came up clean.
>
> >1. Modify the rc start up scripts to create a setuid shell
> > somewhere.
>
> clean...
Except that a bad guy who had root can install a replace ls/find/etc which
won't list his files. And if he's a little smarter, he can install a
kernel module which will hide his files from _every_ system utility. And
the kernel module hides itself...etc, etc.
If he wants to, he can keep just about anyone from finding the holes he's
left behind.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
