Alexandre Oliva wrote:
doh ...On Aug 26, 2004, Sylvain Munaut <[EMAIL PROTECTED]> wrote:
It was a distcc 2.13, I know it's not the latest one. And it was
exploited to gain a localshell as the distcc user.
Err... Exploited?
distcc is designed to run whatever command it's sent in the request packet. It is generally a compiler name, but it might as well be /bin/sh, with a shell script as the `preprocessed' sources.
I thought it could only run gcc ... But rereading the security page, that's explained here ...
Sylvain
__ distcc mailing list http://distcc.samba.org/
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/distcc
