|
Security Incidents
mailing list archives
Re: Cracked; rootkit - entrapment question?
From: cdp () PEAKPEAK COM (Chuck Phillips)
Date: Fri, 3 Mar 2000 08:17:21 -0700
Jason Spence writes:
Drew Smith wrote:
can someone PLEASE explain to me why perl does a system(csh) in
places???).
File glob expansions. If you write something like...
system("ls *.txt");
...it gets passed to csh to expand the glob. Csh is used instead of sh
because (traditional) sh won't expand more elaborate globs like
"foo.{txt,exe,mouse}". There has been periodic talk of adapting the zsh
glob expansion code directly into Perl, but I have no idea of the current
status. Could be fixed by now for all I know.
As far as a honeypot goes, the cracker can exec csh or even upload their
own statically linked shell and run that. If you want to fool anyone
beyond "scr1pt k1dd13" status, you'll have to change the way system calls
are handled.
Just MHO,
Chuck
 By Date 
By Thread
Current thread:
- Re: Cracked; rootkit - entrapment question?, (continued)
|
Intro
