On Sun, 1 Apr 2007, Pavel Kankovsky wrote:
You do not have to rely on some other user running your trojan horse.
You can replace a program run automatically (e.g. by cron). Or something
even better: replace system dynamic libraries (e.g. /lib/tls) and run a
dynamically linked setuid program
On Wed, 28 Mar 2007, Tim Rees wrote:
All other system binaries (e.g. screen etc.) are now inaccessible, but
if a user (or root) runs sudo (or whatever the user names it) in the
meantime before someone realises something is wrong, the malicious
binary will be executed.
TrueCrypt 4.3 for Linux from http://www.truecrypt.org/
It seems to be possible to perform various denial of service attacks on a Linux
computer running TrueCrypt in set-uid root mode, or possibly introduce evil
binaries into normally trusted locations. I tested this on the latest
version, 4.3,