On Mon, Nov 27, 2006 at 04:12:11PM -0500, J. Oquendo wrote:
So again dumbass...
Look at the script. Although YOU'RE opening /var/log/authlog what is the
script opening.
I'm opening authlog as I dont use secure, the same thing applies.
Please tell me you're really not that stupid. And if
someone else decided to modify this script, what does that have to do
with what I posted. How exactly is my script a backdoor as you claim.
It's a backdoor because your script doesnt account for out-of-order log
entries, usernames or other data containing spaces thus making your
field count incorrect, or other daemons using the string `error
retrieving` in their log entries.
The insecure temporary file creation allows a local user to add entries
to the passwd file (for example), or create or modify any file as root.
Although it doesnt directly allow them to control the data the fileis
created with, combined with the other flaw this is possible. Even
without the other flaw, the existence of some files is a problem, such
as /etc/.nologin.
the test -e and rm is insufficient, firstly as it's a race condition,
and secondly as test -e will return 1 on broken (sometimes called
dangling) symlinks.
Enquiring minds want to know this since you claim its a backdoor. Please
tell me outside of your modification how this is going to backdoor someone.
I'm not sure what you mean by modification, I simply subsituted the name
for the logfile I use.
Thanks, Tavis.
--
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------
pgpF6Whw2cs2x.pgp
Description: PGP signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
