demon@ibmpcug.co.uk (Cliff Stanford) (09/27/90)
cedman@lynx.ps.uci.edu (Carl Edman) writes: > Now, really: It is very easy to change particularily a programm like > a shell to f.e. put the name of a non-backtraceable account into the > .rhosts file and then send mail to it to inform the hacker that > he has just gotten a new account. Maybe even a su account ? You mean that if that were included in the source to a large program (ELM, for instance) you'd notice it was there before compiling it? I doubt I would. Regards, Cliff. -- Automatic Disclaimer: The views expressed above are those of the author alone and may not represent the views of the IBM PC User Group. -- Cliff Stanford cms@demon.co.uk Demon Systems Limited demon@ibmpcug.co.uk 42 Hendon Lane demon@cix.co.uk London N3 1TT - England +44 81 349 0063
scs@lokkur.dexter.mi.us (Steve Simmons) (09/28/90)
cedman@lynx.ps.uci.edu (Carl Edman) writes: > Now, really: It is very easy to change particularily a program like > a shell to f.e. put the name of a non-backtraceable account into the > .rhosts file and then send mail to it to inform the hacker that > he has just gotten a new account. Maybe even a su account ? demon@ibmpcug.co.uk (Cliff Stanford) replies: > You mean that if that were included in the source to a >large program (ELM, for instance) you'd notice it was there >before compiling it? I doubt I would. I wouldn't either, but to a great degree I'm depending on the collective benefit of the net. Were there a trapdoor buried in elm or some other commonly used code from the net, there's a good chance that *somebody* will notice it fast. And woe to the person who got caught doing it! Of course, this is another reason I'm more likely to blindly compile stuff from comp.sources.{misc,unix} than alt.sources.