OpenSSH Trojan

Dan Eriksen eriksen at canada.com
Thu Aug 1 12:35:14 PDT 2002


On Thu, 1 Aug 2002 20:18:12 +0200
Matthias Benkmann <matthias at winterdrache.de> wrote:

> Lesson to learn: NEVER EVER build as root.

	If an attacker has any brains, wouldn't he add his exploit to the make install section? So before anyone installs anything they should really be reading through the install target, but that can be a huge job when there are many directories. So most don't.
	Am I missing something here? Installing as a user can help in a tiny number of situations. Most run make install as root without checking what it does, so I fail to see why compiling as a user is a no-brainer. Please enlighten me.

Dan Eriksen
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list