The usual thing that you do is to log in as the user, and install a trojaned copy of ssh in the user's path (usually .profile or .bashrc etc) then if/when the user every uses that shell to ssh somewhere else, bingo you have their password to that system. It's a basic "follow in".... Cheers Nix Quoting OKDesign oHG Security Webmaster <security@okdesign.de>:
Someone might install some scripts to USER account and for example copy all input/output to a file, including su passwords.
Good idea. But how should he manage to get this script started ? And even if the script IS started and running, I should see it when doing a ps, shouldn't I ? And I always do ps axf before doing any su-like thing.
Any other holes ?
--- Stephan
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com