| Date: Fri, 22 Apr 2005 15:53:12 +0100 (IST)
| From: Paul Jakma <paul at clubi.ie>
| On Thu, 21 Apr 2005, kevin lyda wrote:
| > directory: http://searchfar.com/.bashrc/ .
| > an amusing way to hide your evil files.
| > anyway, something else to search for in security
| > scripts: normal rc files existing as directories.
| Not only that, but you'd have to actually inspect the contents of
| .bashrc (from a shell context which /did not/ use that bashrc).
eh? the hacked `.bashrc' is a directory.
bash(1) requires a file, and complains if it
finds a directory (when run interactively):
bash: /home/luser/.bashrc: is a directory
yes, if you have/had a writable `.bashrc' _file_,
or the (home) directory itself is writable, then
there is an inspection issue. but I do not see
an inspection problem per se for this attack,
where it is a directory. (but, since the system
clearly has been compromised, you should not be
using anything on the system to inspect/repair
it!) IMHO, the attack is rather clumsy — amusing
but nonetheless clumsy — since it is so obvious.
Experienced (20+ yrs) kernel/software Eng: | Brian Foster Montpellier,
• Unix, embedded, &tc; • Linux; • doc; | blf at utvinternet.ie FRANCE
• IDL, automated testing, process, &tc. | Stop E$$o (ExxonMobile)!
Résumé (CV) http://www.blf.utvinternet.ie | http://www.stopesso.com
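Added example (not part of the original messages): a sketch of the check suggested in the thread, reporting startup-file names that exist as directories, plus the writable `.bashrc' file and writable home directory cases mentioned in the reply. The function names, the RC_NAMES list and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag shell startup paths that are not ordinary, private files.
# RC_NAMES is an assumed list; extend it for the shells used on your systems.
RC_NAMES=".bashrc .bash_profile .bash_login .bash_logout .profile"

# loose_perms PATH: succeed if PATH (symlinks followed) is group- or world-writable.
loose_perms() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# check_rc_paths HOME_DIR: print one finding per line as "<kind> <path>".
#   home-writable    the home directory itself is group- or world-writable
#   rc-is-directory  a startup file name exists as a directory (the case above)
#   rc-not-regular   a startup file name is a FIFO, device, socket, ...
#   rc-writable      a startup file is group- or world-writable
check_rc_paths() {
    home=$1
    if loose_perms "$home"; then
        echo "home-writable $home"
    fi
    for name in $RC_NAMES; do
        p="$home/$name"
        if [ -d "$p" ]; then
            echo "rc-is-directory $p"
        elif [ -e "$p" ] && [ ! -f "$p" ]; then
            echo "rc-not-regular $p"
        elif [ -f "$p" ] && loose_perms "$p"; then
            echo "rc-writable $p"
        fi
    done
}

# Constructed sample: a throwaway home where .bashrc is a directory
# and .bash_logout is world-writable; .profile is an ordinary file.
demo() {
    t=$(mktemp -d) || return 1
    chmod 700 "$t"
    mkdir "$t/.bashrc"
    : > "$t/.profile";     chmod 644 "$t/.profile"
    : > "$t/.bash_logout"; chmod 666 "$t/.bash_logout"
    check_rc_paths "$t"
    rm -rf "$t"
}

demo
```

As the reply notes, a report produced on a system already known to be compromised should not be trusted; run the check from known-good media against the mounted filesystem.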