On Tue, 02 Mar 2004 12:01:08 +0300, d4rk <d4rk@xxxxxxxxxxxxxx> said: > /* or if root is your friend, u can ask him to do it. */ Never underestimate the power of social engineering. I've seen systems r00ted by getting the admin to 'cd' over to a directory to examine a 'failing' program. Files like .exrc, .dbxrc/.dbxinit, and .gdbinit can all be used for mischief with an unsuspecting sysadmin.... "Yep... got an a.out here, got a core here.. 'gdb' and type 'where'. Hmm.. see right there? You got a SEGV because you had a null pointer.." (Yes, and you, mr admin, just got someting more fun than a SEGV when that .gdbinit file in the current directory did something.. ;)
Attachment:
pgp00008.pgp
Description: PGP signature