Re: irssi backdoor question

From: David Chin (
Date: 05/28/02

From: David Chin <>
Date: Tue, 28 May 2002 13:04:48 -0400

In message <>, H
al Flynn writes:
> I tried to get a copy of the trojaned source, but was unsuccessful.
> From what I can gather, there's two likely scenarios involving this
> problem.
> Scenario #1:
> The trojaned code was placed in a section of the source which was only
> executed by the user during the initial ./configure ; make ; make
> install sequence.
> ...
> Scenario #2:
> The trojaned code was placed in the configure that is executed during the
> make install sequence. This would likely result in execution by root, as
> the default goes to /usr/local. Obviously, this requires administrative
> access for successful installation.
> ...

From what I can tell, the trojan only ran during the configure phase, but
not the make nor the install phases.

I can't attach the whole configure script because it exceeds ezmlm's size

--Dave Chin