Outline for November 24, 2003
Reading: Chapter 22.3-22.5
The program sendmail is a message transport agent; that is, it moves
mail from one host to another. It also logs each use in the syslog
file. One day, I observed the following entries:
Oct 28 06:14:15 nob sendmail: GAA18680: /bin/sed... Cannot mail directly to files
Oct 28 06:14:52 nob sendmail: GAA18681: to=<decode>, from=</dev/null>, delay=00:00:44, mailer=prog, stat=Sent
- What is suspicious about the first syslog entry? What
do you think the author of the first mail message was trying to do?
Did it work?
- The decode address passes a message to the uudecode(1)
program. This program transforms the letter into a file, and puts
it into the file system where the mail message says. What does the
second message indicate?
- What fundamental problem underlies both of these mail messages?
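An added example, not part of the original outline: a small triage script that parses sendmail syslog entries in the format shown above and flags entries whose addresses name filesystem paths or that were delivered through the `prog` mailer. The first two sample lines are the entries quoted above; the third is a constructed ordinary delivery for contrast, and the function names are illustrative.

```python
import re

# Two entries from the page plus one constructed benign entry (the last line).
SAMPLE_LOG = """\
Oct 28 06:14:15 nob sendmail: GAA18680: /bin/sed... Cannot mail directly to files
Oct 28 06:14:52 nob sendmail: GAA18681: to=<decode>, from=</dev/null>, delay=00:00:44, mailer=prog, stat=Sent
Oct 28 06:20:01 nob sendmail: GAA18690: to=<alice@example.com>, from=<bob@example.com>, delay=00:00:02, mailer=esmtp, stat=Sent
"""

# timestamp, host, queue id, then the free-form remainder of the entry
ENTRY = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) sendmail: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=([^,]*)")

def parse(line):
    """Split one syslog line into queue id, raw text and key=value fields."""
    m = ENTRY.match(line)
    if not m:
        return None
    when, host, qid, rest = m.groups()
    fields = {k: v.strip().strip("<>") for k, v in FIELD.findall(rest)}
    return {"when": when, "host": host, "qid": qid, "text": rest, "fields": fields}

def findings(entry):
    """Return the reasons an entry deserves a closer look (empty if none)."""
    out = []
    f = entry["fields"]
    if "Cannot mail directly to files" in entry["text"]:
        out.append("error logged: Cannot mail directly to files")
    if f.get("mailer") == "prog":
        out.append("delivered to a program (mailer=prog), to=" + f.get("to", "?"))
    for key in ("to", "from"):
        if f.get(key, "").startswith("/"):
            out.append(f"{key} address is a filesystem path: {f[key]}")
    return out

def triage(log_text):
    """Map queue id -> list of findings for every flagged entry."""
    report = {}
    for line in log_text.splitlines():
        entry = parse(line)
        hits = findings(entry) if entry else []
        if hits:
            report[entry["qid"]] = hits
    return report

if __name__ == "__main__":
    for qid, hits in triage(SAMPLE_LOG).items():
        print(qid, hits)
```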
Outline for the Day
- Malicious logic
- Quickly review Trojan horses, viruses, bacteria; include animal and Thompson's compiler trick
- Logic Bombs, Worms (Shoch and Hupp)