On Sat, Jun 03, 2006 at 01:35:21PM +0100, mal content wrote:
> % find /home -ls | sort -n +6 | tail -1 | awk '{print $11}'
> /home/joe/just-testing/rc
> % ls -l /home/joe/just-testing/rc
> -rw-r--r-- 1 joe joe 41162685334 Dec 9 10:00 /home/joe/just-testing/rc
> % rm /home/joe/just-testing/rc
> % ls -l /home/joe/just-testing/rc
> ls: /home/joe/just-testing/rc: No such file or directory
> %
> 
> The system administrator later discovers, to his surprise, that the 
> important
> 16000-byte system file /etc/rc has disappeared. What exactly did joe do?

One possibility is that between the first ls -l and the rm that joe 
changed just-testing to a symlink to /etc.  However, I think this attack 
scenario relies too much on joe's ability to blindly predict when the 
sysadmin is about to run rm.

Reply via email to