Full Disclosure: Re: Old LS Trojan?

[Kevin Finisterre <kf_lists () secnetops com>]

You should think a CISSP could write such a script in like 5 minutes.


David S. Morgan wrote:
> Hey all,
>
> I am looking for an old LS trojan, with trojan being a misnomer.  Essentially, the scinario is that the admin (root) 
> has a . (dot) in his path.  The bad-user knows this, and has crafted an LS shell script (the part that I can't find) 
> that essentially copies /sbin/sh to a hidden directory and then performs some suid majik to make the sh run as if they 
> were root, without needing the root password.  The file then removes itself and does the real version of ls.
>
> Does anyone remember this one, and have the ls script anywhere?  I would like to use it in a demonstration.  I know that this has 
> probobly been fixed in various ways, but I have "old Unixes" for just such occasions.
>
> Dave Morgan
>
> David S. Morgan CISSP, CCNP 
> aka: captkras () earthlink net
> "When the winds of change blow hard enough, even the most tiny object
> can become a deadly projectile"
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html