Re: irssi backdoor questionFrom: David Chin (email@example.com)
- Previous message: Tommaso Di Donato: "Re: Linux Hardening"
- In reply to: Hal Flynn: "Re: irssi backdoor question"
- Next in thread: Jan Jungnickel: "Re: irssi backdoor question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firstname.lastname@example.org From: David Chin <email@example.com> Date: Tue, 28 May 2002 13:04:48 -0400
In message <Pine.LNX.firstname.lastname@example.org>, H
al Flynn writes:
> I tried to get a copy of the trojaned source, but was unsuccessful.
> From what I can gather, there's two likely scenarios involving this
> Scenario #1:
> The trojaned code was placed in a section of the source which was only
> executed by the user during the initial ./configure ; make ; make
> install sequence.
> Scenario #2:
> The trojaned code was placed in the configure that is executed during the
> make install sequence. This would likely result in execution by root, as
> the default goes to /usr/local. Obviously, this requires administrative
> access for successful installation.
From what I can tell, the trojan only ran during the configure phase, but
not the make nor the install phases.
I can't attach the whole configure script because it exceeds ezmlm's size