On Mon, Nov 27, 2006 at 04:12:11PM -0500, J. Oquendo wrote: > So again dumbass... > > Look at the script. Although YOU'RE opening /var/log/authlog what is the > script opening. I'm opening authlog as I dont use secure, the same thing applies. > Please tell me you're really not that stupid. And if > someone else decided to modify this script, what does that have to do > with what I posted. How exactly is my script a backdoor as you claim. It's a backdoor because your script doesnt account for out-of-order log entries, usernames or other data containing spaces thus making your field count incorrect, or other daemons using the string `error retrieving` in their log entries. The insecure temporary file creation allows a local user to add entries to the passwd file (for example), or create or modify any file as root. Although it doesnt directly allow them to control the data the fileis created with, combined with the other flaw this is possible. Even without the other flaw, the existence of some files is a problem, such as /etc/.nologin. the test -e and rm is insufficient, firstly as it's a race condition, and secondly as test -e will return 1 on broken (sometimes called dangling) symlinks. > Enquiring minds want to know this since you claim its a backdoor. Please > tell me outside of your modification how this is going to backdoor someone. I'm not sure what you mean by modification, I simply subsituted the name for the logfile I use. Thanks, Tavis. -- ------------------------------------- taviso@xxxxxxxxxxxxxxxx | finger me for my pgp key. -------------------------------------------------------
Attachment:
pgpn7ZCga8Y5U.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/