Re: irssi backdoor question
From: David Chin (dwchin@umich.edu)
Date: 05/28/02
- Previous message: Tommaso Di Donato: "Re: Linux Hardening"
- In reply to: Hal Flynn: "Re: irssi backdoor question"
- Next in thread: Jan Jungnickel: "Re: irssi backdoor question"
To: focus-linux@securityfocus.com
From: David Chin <dwchin@umich.edu>
Date: Tue, 28 May 2002 13:04:48 -0400

In message <Pine.LNX.4.43.0205270918110.26784-100000@mail.securityfocus.com>, Hal Flynn writes:
> I tried to get a copy of the trojaned source, but was unsuccessful.
>
> From what I can gather, there are two likely scenarios involving this
> problem.
>
> Scenario #1:
> The trojaned code was placed in a section of the source which was only
> executed by the user during the initial ./configure ; make ; make
> install sequence.
>
> ...
>
> Scenario #2:
> The trojaned code was placed in the configure that is executed during the
> make install sequence. This would likely result in execution by root, as
> the default goes to /usr/local. Obviously, this requires administrative
> access for successful installation.
>
> ...

From what I can tell, the trojan only ran during the configure phase, but
not the make nor the install phases.

I can't attach the whole configure script because it exceeds ezmlm's size
quota.

Cheers,
--Dave Chin