OpenSSH Trojan

Dan Eriksen eriksen at
Thu Aug 1 12:35:14 PDT 2002

On Thu, 1 Aug 2002 20:18:12 +0200
Matthias Benkmann <matthias at> wrote:

> Lesson to learn: NEVER EVER build as root.

	If an attacker has any brains, wouldn't he add his exploit to the make install section? So before anyone installs anything they should really be reading through the install target, but that can be a huge job when there are many directories. So most don't.
	Am I missing something here? Installing as a user can help in a tiny number of situations. Most run make install as root without checking what it does, so I fail to see why compiling as a user is a no-brainer. Please enlighten me.

Dan Eriksen
Unsubscribe: send email to listar at
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list