[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is this a virus?

>if [ -x /root/.configure ]
>then
>  /root/.configure && rm -f /root/.configure && logout
>fi

>Is this not a security hole?

I don't think so. It is meant to let root choose a password, add one
user account (for people who usually won't do that and run their
system with user id root and start wondering when they accidently
delete their operating system) and run the 'dselect' program. For the
.configure gets erased, this only runs after you've installed the
mini-linux from the base floppy.

Be sure that noone is able to write to root's homedirectory (who would
give permission to that???), then you never get a virus-like
.configure script implanted.

Well, in my opinion, it would be better to replace the complete .login
instead of only deleting the .configure...


Best regards,
	Rene

Wer glaubt, dass Projektleiter Projekte leiten,
                        der glaubt auch, dass Zitronenfalter Zitronen falten...
         />
        /<             Rene Tschirley               tschirley@ukbf.fu-berlin.de
[\\\\\\(O):::<========================================- gremlin@cs.tu-berlin.de
        \<                               http://fred.ukbf.fu-berlin.de/~gremlin
         \>
Uni-Klinikum Benjamin Franklin, Abteilung Medizinische Statistik und Informatik

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: