Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!unmvax!ariel!carina.unm.edu!rhare
From: rhare@carina.unm.edu (robert...)
Newsgroups: comp.unix.wizards
Subject: Re: what should go into a security-checking shell script?
Message-ID: <936@ariel.unm.edu>
Date: 11 Nov 89 02:32:43 GMT
References: <21399@adm.BRL.MIL>
Sender: news@ariel.unm.edu
Reply-To: rhare@carina.unm.edu.UUCP (robert...)
Organization: University of New Mexico, Albuquerque
Lines: 28

In article <21399@adm.BRL.MIL> Kemp@DOCKMASTER.NCSC.MIL writes:
>Jim Magee writes:
> > Dont forget to double check the mount points before doing this.
> > More than once I have seen people mount NFS filesystems over
> > directories just to hide their version of setuid-root shell
> > underneath the mount point.
>

A neat way to check under NFS file systems for files when your can't afford
to umount the filesystem on the local host.

For example:

Host A has /usr/local mounted from Host B

You want to check under /usr/local on host a for hidden files.  You
can use:

mount /usr@hosta /mnt  

Then check in /mnt/local for hidden files.  The files from then NFS mount
will not show up.

Just a cute trick.  If there is an easier way to do this other than reading
the raw disk device please let me know.

Robert Hare
rhare@ariel.unm.edu