Re: backdoor question

From: Mike Stilson (mike@velgarian.sytes.net)
Date: 10/28/02


On Mon, Oct 28, 2002 at 09:07:49PM -0800, Mythran wrote:
>>
>> Just check this one carefully, as there are a lot of legitimate uses of
>> this in a mud, not stock, but I can think of uses.  So just carefully
>> check any calls to these VERY carefully.
>>
>> >    Check for ipc/shared memory use:
>> >    egrep -i '(mmap|shm...|sem...|shmdt|msg...) *\(' *.[ch] |less
>>
>> This would be an absolute giveaway.  There's, as far as I can think of
>> but might be wrong, absolutely no use for this in a mud.
>>
>> >    Check for listeners/sockets other than the main port
>> >    egrep -i '(bind|listen|connect|sendmsg|recvmsg) *\(' *.[ch] |less
>>
>> connect() would be an absolute giveaway, since a daemon shouldn't be
>> calling anyone (unless you have my metaserver patch, or I think the i3c
>> package connects() as well.)
>>
>> >13. Check 'command_interpreter' of act.wizard.c
>> Also, check for anything that contains GET_ID/GET_IDNUM.  He could've
>> easily added something that checks for another imp's ID and runs some
>> command to either reinstate his char, randomly mess up someone's char,
>> or an endless list of other things.  This could possibly show up a LOT
>> of lines, and be tedious to check them, but it's still necessary so
>> check all of 'em.
>>
>>
>> -me
>>
>
>And if you have absolutely no idea what the above says, reformat, reinstall,
>start from scratch, and there ya have it :P

Gee, and I thought I explained it real simply.
If it's his box, that's simple.  If it's hosted elsewhere then there are
problems.  He's worried about a coder putting backdoors in his mud.  I'm
thinking in terms of a good coder with malicious intent who could/would
want to root the box.

-me
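As an added example, not code from the thread or from CircleMUD itself: a POSIX shell script that runs the two audit greps quoted above (plus the GET_ID/GET_IDNUM check from the reply) over a source tree and reports every call site per file, so each hit can be reviewed by hand. The call patterns are the ones quoted in the message; the function names and the two sample source files are constructed here, with comm.c standing in for a stock main-port listener and act.other.c carrying the kind of calls the thread says a daemon has no use for.

```shell
#!/bin/sh
# Added example, not code from the thread: run the audit greps from the
# quoted checklist over a C tree and report hits per file, so each call
# site can be reviewed by hand. The call patterns are the ones quoted in
# the message; the function names and the sample files are constructed.

# Call families from the checklist (extended regexps, as in the original greps).
IPC_CALLS='mmap|shm...|sem...|shmdt|msg...'
SOCKET_CALLS='bind|listen|connect|sendmsg|recvmsg'
# The GET_ID/GET_IDNUM check from the reply, treated here as a third family.
IDCHECK_CALLS='GET_ID|GET_IDNUM'

# audit_calls DIR PATTERN: print "file:line:source" for every call of the
# named functions in *.c / *.h under DIR (recursive, case-insensitive).
# /dev/null is passed alongside the files so grep always prints the file name.
audit_calls() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -niE "($2) *\(" /dev/null {} + 2>/dev/null
    return 0
}

# count_hits DIR PATTERN: number of matching lines (0 when there are none).
count_hits() {
    audit_calls "$1" "$2" | wc -l | tr -d ' '
}

# make_sample_tree: build a constructed two-file source tree in a temp dir
# and print its path. comm.c mimics a stock main-port listener; the second
# file carries the calls the thread says a daemon has no legitimate use for.
make_sample_tree() {
    d=$(mktemp -d)
    cat > "$d/comm.c" <<'EOF'
/* constructed sample: legitimate main-port socket setup */
int init_socket(int port) {
    s = socket(AF_INET, SOCK_STREAM, 0);
    bind(s, (struct sockaddr *) &sa, sizeof(sa));
    listen(s, 5);
    return s;
}
EOF
    cat > "$d/act.other.c" <<'EOF'
/* constructed sample: calls a reviewer would want to look at closely */
void do_something(struct char_data *ch) {
    if (GET_IDNUM(ch) == 42) { /* hard-coded player id */ }
    id = shmget(key, 4096, 0666);
    connect(fd, (struct sockaddr *) &remote, sizeof(remote));
}
EOF
    echo "$d"
}

# Report for the constructed tree when the script is run directly.
tree=$(make_sample_tree)
for family in "IPC=$IPC_CALLS" "SOCKETS=$SOCKET_CALLS" "IDCHECK=$IDCHECK_CALLS"; do
    name=${family%%=*}
    pat=${family#*=}
    echo "== $name: $(count_hits "$tree" "$pat") hit(s) =="
    audit_calls "$tree" "$pat"
done
rm -rf "$tree"
```

Point the functions at a real source tree instead of the constructed one to get the same per-file listing; the socket family will always show the main-port bind()/listen() in comm.c, so the lines worth the closest reading are the ones outside that file.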

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
   +---------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 06/25/03 PDT