Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Re: NMO not setuid-root (Unix-only) (Usenet, c.d.o.server)
Jonathan Leffler wrote:
> chmod u=srx,g=sx,o=x ...
>
> It's simpler to use 6511 from where I sit (but twenty years of
> thinking of permissions in octal has probably distorted the neuronic
> pathways a bit :-).
Hey, I cut my teeth in hexa! Octal is too
uncompressed for me.
:)
> the intruder has got root privileges on your machine. A careful
> intruder would target the insecure executable carefully to cover their
> tracks:
>
> cp -p /insecure/program /tmp
> cp /bin/ksh /insecure/program
> /insecure/program
> ...this runs a Korn shell and in that shell, intruder executes...
> cp -p /tmp/program /insecure/program
> ...and probably ensures they can get back into the system on demand...
> cp /bin/ksh /...
> chmod 4555 /...
LOL! Precious!
> didn't change, etc). An alternative to /... is an odd-ball name like
> /bin/procchk - which doesn't usually exist as an ordinary program but
> looks plausibly Unixy and might just need SUID root privileges in the
> ordinary course of events.
Hehehe! Lure them away with the truth. :)
> Jonathan Leffler #include <disclaimer.h>
> Email: jleffler_at_earthlink.net, jleffler_at_us.ibm.com
> Guardian of DBD::Informix v2003.04 -- http://dbi.perl.org/
I knew there had to be some good *nix stuff in an Informix man. Thanks a lot for the excellent and informational post, Jonathan.

Received on Wed Dec 01 2004 - 05:26:16 CST
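
A defender's check for the leftovers described in the quoted scenario, as an added example that is not part of the original posts: it walks a directory tree and flags set-id files that are writable by group or other, that are named only with dots (like `/...`), or that are byte-for-byte copies of a shell. The function names `audit_setid` and `sha256_of` and the default shell list are assumptions made for this sketch.

```python
import hashlib
import os
import stat

SETID = stat.S_ISUID | stat.S_ISGID
LOOSE = stat.S_IWGRP | stat.S_IWOTH


def sha256_of(path):
    """Hash a file's contents; return None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()


def audit_setid(root, shells=("/bin/sh", "/bin/ksh", "/bin/bash")):
    """Return {path: [reasons]} for suspicious set-id files under root."""
    shell_by_hash = {}
    for s in shells:  # assumed shell list; extend for your platform
        digest = sha256_of(s)  # follows symlinks such as /bin/sh -> dash
        if digest:
            shell_by_hash[digest] = s
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: symlinks are skipped, not followed
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & SETID):
                continue
            reasons = []
            if st.st_mode & LOOSE:
                reasons.append("writable by group or other")
            if not name.strip("."):
                reasons.append("name is only dots")
            twin = shell_by_hash.get(sha256_of(path))
            if twin:
                reasons.append("same bytes as " + twin)
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, why in sorted(audit_setid("/usr/bin").items()):
        print(path, "; ".join(why))
```

A plausibly named copy such as the `/bin/procchk` idea in the quote has no odd name to give it away, which is why the content comparison against known shells is included alongside the name check.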