[distcc] Exploit in distcc ( got compromised ;( )
Alexandre Oliva
oliva at lsd.ic.unicamp.br
Thu Aug 26 13:13:38 GMT 2004
On Aug 26, 2004, Sylvain Munaut <tnt at 246tnt.com> wrote:
> It was a distcc 2.13, I know it's not the latest one. And it was
> exploited to gain a localshell as the distcc user.
Err... Exploited?
distcc is designed to run whatever command it's sent in the request
packet. It is generally a compiler name, but it might as well be
/bin/sh, with a shell script as the `preprocessed' sources.
--
Alexandre Oliva http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist oliva@{lsd.ic.unicamp.br, gnu.org}
More information about the distcc
mailing list