On Wed, Nov 09, 2005 at 07:06:00PM -0000, Stoma Verbum wrote:
> So you get a separate partition with access lists and set the extra
> ACL permissions for the files you want.

But isn't the partition again something that is only really usable when
you have the system privileges to mount?

> 2. If the root user you're trying to fool with isn't that st00pid, but
> is still a moron, then you do the following:
> A. Mask the executable you don't want executed by root by renaming it
> to something like... two spaces [$ mv MyExecutable "  " or something
> of that calibre.
> B. Make a small C/C++ program that will check the EUID on call and if
> it's not root, will execute your 'hidden' file.

'system' executes a shell command. That actually means the execute
permission has to be set nevertheless. But that reminds me of
something: some time back I used to maintain an FTP server that had a
publicly writable directory.

There are thousands of bots out there that will try to upload a file to that
directory and post its location on an IRC channel. Now the interesting
thing was: one day they've started uploading files with really strange
names. We didn't get the point until one of us used an ordinary FTP
client to list the directory in his terminal window.

What happened was: they've put escape codes in the name that affected the
cursor movement. When you run an 'ls' command, printing the filename will
actually make your cursor erase the current line, move to the beginning,
move one line up. When you don't see all this in the first place, the
line with the malicious file will actually not be in the output of the
'ls' command.

Dirk Tilger
Advanced Technologies ME FZ LLC
Tel +971 4 367 1071
Fax +971 4 367 2529
Mob +971 50 8809132
    +966 55 1650025
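
An added example, not part of the original message: a defensive check for the upload-directory situation described above, which reads directory entries as raw bytes, flags names containing terminal control characters, and prints them only in escaped form. The function names and the sample file names are constructed for illustration.

```python
import os
import tempfile


def control_chars(name: bytes) -> list[str]:
    """Return the control characters found in a raw directory-entry name."""
    try:
        # Valid UTF-8: inspect code points, so multi-byte letters are not flagged.
        points = [ord(ch) for ch in name.decode("utf-8")]
    except UnicodeDecodeError:
        # Not UTF-8: inspect raw bytes (a lone 0x9b acts as CSI on some terminals).
        points = list(name)
    # C0 controls (ESC, CR, BS, ...), DEL, and the C1 range.
    return [f"0x{p:02x}" for p in points if p < 0x20 or p == 0x7F or 0x80 <= p <= 0x9F]


def safe_repr(name: bytes) -> str:
    """Render a name so that nothing in it reaches the terminal unescaped."""
    return "".join(chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}" for b in name)


def scan(directory: str) -> dict[str, list[str]]:
    """Map the escaped form of every suspicious entry name to its control characters."""
    findings = {}
    # Passing bytes makes os.listdir return raw names, with no decoding step.
    for raw in os.listdir(os.fsencode(directory)):
        found = control_chars(raw)
        if found:
            findings[safe_repr(raw)] = found
    return findings


def demo() -> dict[str, list[str]]:
    """Build a constructed upload directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed names: an ordinary file, a UTF-8 name, and one carrying
        # erase-line, carriage-return and cursor-up sequences.
        for name in (b"readme.txt", "caf\u00e9.txt".encode(), b"warez\x1b[2K\r\x1b[1A"):
            open(os.path.join(os.fsencode(d), name), "wb").close()
        return scan(d)


if __name__ == "__main__":
    for shown, found in demo().items():
        print(f"{shown}  controls: {', '.join(found)}")
```

Run against a writable upload directory, `scan()` reports only the entries a plain terminal listing could render misleadingly, and the escaped form is safe to log or paste.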

