[Mailinglist] Hack in /tmp
mbpillai at asianetindia.com
Sun Sep 24 22:36:46 IST 2006
Quoting David Desrosiers <daviddes at us.ibm.com>:
>> > lrwxrwxrwx 1 root root 30 Sep 23 23:23 mysql.sock ->
>> > ../../var/lib/mysql/mysql.sock=
>
> This isn't a smart file to keep in /tmp.. bad move on their part.
>
>> > -rwsr-xr-x 1 root root 616248 Sep 23 23:23 sh*
>
>> Can you read the content of the file sh*? If so, just see what it does.
>> If not, try to run the script and read messages/logs generated.
>
> Never, ever, EVER run an unknown shell script that you didn't create and
> can't directly read or audit. EVER!
>
> Bad advice on your part. Copy it off to a system you can control, change
> the perms on it so you CAN read it, and see what it does. If you don't
> understand what it does, ask someone who does. Do not just blindly run it
> to see what it does. What if it has no output, but trashes your system and
> mails your password, shadow, ~/.ssh/* files to some IP in Romania? You
> wouldn't even know.
>
Pardon me. I missed that point. Thanks Mr. David Desrosiers
With regards
M.Balakrishna Pillai
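
The copy-and-inspect approach recommended in the quoted reply, sketched as an added example that is not part of the original messages. The function names are hypothetical, the quarantine directory is whatever path you pass in, and GNU coreutils are assumed. Nothing in it executes the suspect file.

```shell
#!/bin/sh
# Static triage of set-id files found in a world-writable directory.
# Added example; function names are hypothetical, not from the thread.

# List regular files under directory $1 that carry the set-uid or set-gid bit.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Copy suspect file $1 into quarantine directory $2 as an owner-read-only
# sample (no execute bits, no set-id bits) and write a report beside it.
# Prints the path of the copy.
quarantine_copy() {
    src=$1
    qdir=$2
    mkdir -p "$qdir" || return 1
    dst="$qdir/$(basename "$src").sample"
    cp -- "$src" "$dst" || return 1
    chmod 0400 "$dst" || return 1
    {
        echo "source: $src"
        # Original owner, mode and timestamp as found on the affected host.
        ls -ln -- "$src"
        # Hash of the sample, for later comparison or lookup.
        sha256sum -- "$dst"
        # File type and printable strings, only if the tools are installed.
        if command -v file >/dev/null 2>&1; then
            file -b -- "$dst"
        fi
        if command -v strings >/dev/null 2>&1; then
            echo "--- first printable strings ---"
            strings -n 8 -- "$dst" | head -n 40
        fi
    } > "$dst.report"
    echo "$dst"
}

# Usage sketch (the paths are examples only):
#   find_setid_files /tmp | while IFS= read -r f; do
#       quarantine_copy "$f" /path/to/quarantine
#   done
```

The report and the read-only sample are what you move to the analysis system; the original stays in place until its ownership and timestamps have been recorded.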