[distcc] Exploit in distcc ( got compromised ;( )
Sylvain Munaut
tnt at 246tnt.com
Thu Aug 26 15:03:21 GMT 2004
Alexandre Oliva wrote:
>On Aug 26, 2004, Sylvain Munaut <tnt at 246tnt.com> wrote:
>
>
>
>>It was a distcc 2.13, I know it's not the latest one. And it was
>>exploited to gain a localshell as the distcc user.
>>
>>
>
>Err... Exploited?
>
>distcc is designed to run whatever command it's sent in the request
>packet. It is generally a compiler name, but it might as well be
>/bin/sh, with a shell script as the `preprocessed' sources.
>
>
>
doh ...
I thought it could only run gcc ... But rereading the security page,
that's explained here ...
Sylvain
More information about the distcc
mailing list