home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: alt.hackers
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!csa!kibirev
- From: kibirev@csa.bu.edu (oleg kibirev)
- Subject: Re: /etc/passwords
- Organization: Computer Science Department, Boston University, Boston, MA, USA
- References: <Brt4nI.IFw@undergrad.math.waterloo.edu> <1992Jul22.223744.24893@news.uiowa.edu> <bill.711863712@chaos.cs.umn.edu>
- Message-ID: <1992Jul23.055902.1951@ctr.columbia.edu>
- Sender: news@ctr.columbia.edu (The Daily Lose)
- Approved: net@gods
- Date: Thu, 23 Jul 1992 05:59:02 GMT
- X-Posted-From: csa.bu.edu
- X-Posted-Through: sol.ctr.columbia.edu
- Lines: 23
-
- In article <bill.711863712@chaos.cs.umn.edu> bill@chaos.cs.umn.edu (Hari Seldon) writes:
- >In <1992Jul22.223744.24893@news.uiowa.edu> stu@hitchcock (Stuart F. Oberman) writes:
- >
- >>Obhack: Implementing the aforementioned trojan horse
- >>scheme, where the yellow pages is consulted and password is verified
- >>before it writes to a file. However, while this is (somewhat) easily
- >>done, an additional challenge is to log the user in and mask your own
- >>process, so that the entire event appears transparent.
- >don't forget to get rid of the capturing process. wouldn't want some
- >user to do a ps and see it hanging there.
- >
- If you make your process a process group leader (setpgid(0,0)) and detach
- it from tty, ps won't display it w/o both -g and -x switches. Neither it's
- hard to name the nasty program at will, like "sh" or "in.telnetd".
-
- Don't forget to debug your password grabber. Wouldn't want some user
- to break from it to your shell and add (sleep 256;stty 0)& to your
- .cshrc. Or get a hold of sh setuid to you.
-
- Oleg Kibirev
-
-
-
-
