[Mailinglist] Hack in /tmp
David Desrosiers
daviddes at us.ibm.com
Sun Sep 24 21:54:06 IST 2006
> > lrwxrwxrwx 1 root root 30 Sep 23 23:23 mysql.sock ->
> > ../../var/lib/mysql/mysql.sock=
This isn't a smart file to keep in /tmp.. bad move on their part.
> > -rwsr-xr-x 1 root root 616248 Sep 23 23:23 sh*
> Can you read the content of the file sh*. Is so just see what it does.
> If not try to run the script and read messages/logs generated.
Never, ever, EVER run an unknown shell script that you didn't create and
can't directly read or audit. EVER!
Bad advice on your part. Copy it off to a system you can control, change
the perms on it so you CAN read it, and see what it does. If you don't
understand what it does, ask someone who does. Do not just blindly run it
to see what it does. What if it has no output, but trashes your system and
mails your password, shadow, ~/.ssh/* files to some IP in Romania? You
wouldn't even know.
David A. Desrosiers
Linux on Power Developer Program Manager
daviddes at us.ibm.com
More information about the Mailinglist
mailing list