[Courses] [FS] Lesson 2 - Symlinks Question
Elwing
elwing at elwing.org
Mon Jul 14 12:27:10 EST 2003
> - Some crackers have taken advantage of the fact that many shells do
> ignore the ".." entry in directories... by unlinking ".." and
> creating a subdirectory named "..". This then functions as a
> nicely hidden place to plunk things. No one's going to look twice
> at ".." -- they're just going to assume that it's what it usually
> is. Unless someone does an "ls .." or the like, they're never
> going to notice it, unless/until they run a file system check.
>
> (Some crackers use "...". A normal "ls" doesn't show dotfiles,
> and in an ls -a, many people will just subconsciously skip the "."
> and ".." entries... and not notice that there's a "..." as well.
> And, of course, a file system check won't complain about "..."
> existing -- it's a strange directory name, but a legal one.)
>
Another popular cracker technique is to create directories called ".. "
(with that extra space in there). Including non-printable characters can
make it miserable for an admin to figure out the exact name much less
delete it without deleting the ".." directory as well.
Laura
More information about the Courses
mailing list