[ILUG] Porting MyDoom to Linux

[Rick Moen]

Quoting Colm MacCarthaigh (colm at stdlib.net):

> On Tue, Feb 03, 2004 at 10:01:22AM -0800, Rick Moen wrote:
> > This is why we sysadmins teach people to say "/bin/su" when su'ing to
> > root.  Eh, you never learned that?  Sorry to hear.
> 
> Exec to a new shell that ignores that, whatever, it doesn't matter.

Mercy me, which MUA not only execs a new shell, but then attempts to run
su from it?  Please let us know.

> The principle remains the same, once you have compromised a root
> holders account, root is next, in pretty short order. It's not hard,
> there are many many trivial ways. 

Your hand waves have just gotten about an order of magnitude more vague.

> There are *no* serious difficulties. Once you have a root users
> account, you're there.

Example?

Sorry, telling me that you might in some hypothetical vulnerability
scenario theoretically change an alias value within the shell of some
MUA, which might then be lead to run the wrong process in place of su,
if hypothetically it could be induced to attempt to run su, rather
completely fails to be an example.

> Replace their shell, replace their binaries, invade their memory,
> LD_PRELOAD, whatever you like. There are zero barriers to you getting
> access to everything they do. 

Sure, it's a simple matter of posting rubbish to mailing lists.  Noting
could possibly be more elementary!

-- 
Cheers,                   The cynics among us might say:   "We laugh, 
Rick Moen                 monkeyboys -- Linux IS the mainstream UNIX now!
rick at linuxmafia.com       MuaHaHaHa!" but that would be rude. -- Jim Dennis