Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: AW: AW: [suse-security] SuSE security reputation, etc..
  • From: <nix@xxxxxxxxx>
  • Date: Sun, 06 Aug 2000 20:58:08 -0400
  • Message-id: <965609888.398e09a0e313a@xxxxxxxxxxxxxxxxx>
The usual thing that you do is to log in as the user, and install a trojaned
copy of ssh in the user's path (usually .profile or .bashrc etc) then if/when
the user every uses that shell to ssh somewhere else, bingo you have their
password to that system. It's a basic "follow in"....



Quoting OKDesign oHG Security Webmaster <security@xxxxxxxxxxx>:

> > Someone might install some scripts to USER account and for example
> copy
> > all input/output to a file, including su passwords.
> Good idea.
> But how should he manage to get this script started ?
> And even if the script IS started and running, I should see it when
> doing a
> ps, shouldn't I ?
> And I always do ps axf before doing any su-like thing.
> Any other holes ?
> --- Stephan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >