|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Cracked; rootkit - entrapment question?
From: Chuck Phillips (cdp
PEAKPEAK.COM)Date: Fri Mar 03 2000 - 09:17:21 CST
- Next message: Mike Fratto: "Re: Cracked; rootkit - entrapment question?"
- Previous message: Chuck Phillips: "Re: Cracked; rootkit - entrapment question?"
- Next in thread: Dave Dittrich: "Re: Cracked; rootkit - entrapment question?"
- Maybe reply: Chuck Phillips: "Re: Cracked; rootkit - entrapment question?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jason Spence writes:
> Drew Smith wrote:
> can someone PLEASE explain to me why perl does a system(csh) in
> places???).
File glob expansions. If you write something like...
system("ls *.txt");
...it gets passed to csh to expand the glob. Csh is used instead of sh
because (traditional) sh won't expand more elaborate globs like
"foo.{txt,exe,mouse}". There has been periodic talk of adapting the zsh
glob expansion code directly into Perl, but I have no idea of the current
status. Could be fixed by now for all I know.
As far as a honeypot goes, the cracker can exec csh or even upload their
own statically linked shell and run that. If you want to fool anyone
beyond "scr1pt k1dd13" status, you'll have to change the way system calls
are handled.
Just MHO,
Chuck
- Next message: Mike Fratto: "Re: Cracked; rootkit - entrapment question?"
- Previous message: Chuck Phillips: "Re: Cracked; rootkit - entrapment question?"
- Next in thread: Dave Dittrich: "Re: Cracked; rootkit - entrapment question?"
- Maybe reply: Chuck Phillips: "Re: Cracked; rootkit - entrapment question?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]