Date: Tue, 20 Apr 1999 16:19:05 -0400
Reply-To: Kragen Sitaker <kragen@POBOX.COM>
From: Kragen Sitaker <kragen@POBOX.COM>
To: BUGTRAQ@NETSPACE.ORG

Greg writes:
> This means that the potential unprivileged user can use any account in
> the system (hacked or so), and it's possible that root will not know what
> is happening (or will know when it's too late ;-).

There are dozens of ways you can run a process on a system you have
shell access to without appearing in "finger" or "who". Here are a few:

    command & logout
    procmail
    .forward
    .qmail*
    xterm -ut
    crontab

This is not a security hole in ssh. This is a security hole in the head
of any Unix sysadmin who uses "finger" or "who" to see who's using their
system.

--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
This is exactly how the World Wide Web works: the HTML files are the pithy
description on the paper tape, and your Web browser is Ronald Reagan.
-- Neal Stephenson, at http://www.cryptonomicon.com/beginning_print.html
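The point of the message above, turned into a check an administrator can run (an added example, not part of the original post): take the process table from "ps" and flag every process whose owner and tty have no matching "who" record. The sample data is constructed, the function names are hypothetical, and the field layout assumes Linux procps output.

```shell
#!/bin/sh
# Added example. All sample data is constructed; formats assume Linux procps.

# Constructed `who` output: only alice has a utmp record.
sample_who() {
cat <<'EOF'
alice    pts/0        Apr 20 15:02 (gw.example.org)
EOF
}

# Constructed `ps -eo user=,pid=,tty=,comm=` output.
sample_ps() {
cat <<'EOF'
root         1 ?        init
alice     2101 pts/0    bash
alice     2150 ?        sleep
bob       2311 ?        procmail
carol     2400 pts/3    xterm
EOF
}

# not_in_who WHO_FILE PS_FILE [IGNORE]
# Print every process whose (user, tty) pair has no matching utmp record.
# IGNORE is a comma-separated list of accounts to skip (default: root).
not_in_who() {
    awk -v ignore="${3:-root}" '
        BEGIN { n = split(ignore, a, ","); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Compare FILENAME rather than NR==FNR so an empty who file still works.
        FILENAME == ARGV[1] { seen[$1, $2] = 1; next }
        ($1 in skip) { next }
        !(($1, $3) in seen) { print $1, $2, $3, $4 }
    ' "$1" "$2"
}

# Run the check over the constructed samples.
demo() {
    dir=$(mktemp -d) || return 1
    sample_who > "$dir/who"; sample_ps > "$dir/ps"
    not_in_who "$dir/who" "$dir/ps" "${1:-root}"
    rm -rf "$dir"
}

# Live use: who > w; ps -eo user=,pid=,tty=,comm= > p; not_in_who w p root,daemon
demo
```

On the sample, alice's detached process, bob's procmail and carol's xterm are reported even though "who" lists only alice on pts/0.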