Mail Archives: cygwin/2010/10/01/05:33:58

X-Recipient: archive-cygwin AT delorie DOT com
Message-ID: <4CA5AAEF.4020107@charter.net>
Date: Fri, 01 Oct 2010 05:33:35 -0400
From: SJ Wright <sjwright68 AT charter DOT net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.24) Gecko/20100228 Thunderbird/2.0.0.24 Mnenhy/0.7.6.666
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: What does this look like to you folks?
References: <4CA15E8B DOT 5070602 AT charter DOT net> <4CA16051 DOT 904 AT charter DOT net> <AANLkTimSG6jFns4axT5cJGyf3gFJZKrM4coY9YdGbiRs AT mail DOT gmail DOT com>
In-Reply-To: <AANLkTimSG6jFns4axT5cJGyf3gFJZKrM4coY9YdGbiRs@mail.gmail.com>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Gregg Levine wrote:
> On Mon, Sep 27, 2010 at 11:26 PM, SJ Wright <sjwright68 AT charter DOT net> wrote:
>   
>> SJ Wright wrote:
>>     
>>> First, a little background:
>>>
>>> In quite a few previous edits of my .bash_aliases file, I've used the same
>>> alias to cd to a particular folder. Tonight I typed it in and got the
>>> following as a return:
>>>       
>>>> [/cygdrive/c/blu/newest]
>>>> mintty-cygwin>>smith
>>>> + laugh
>>>> + pwd
>>>> /cygdrive/c/blu/newest
>>>> + cd /cygdrive/c/taiga/
>>>> + pwd
>>>> /cygdrive/c/taiga
>>>> + cd /cygdrive/c/taiga
>>>> [/cygdrive/c/blu/newest]
>>>>         
>>> When I went to view .bash_aliases in nano, the alias 'smith' (changed at
>>> my prerogative for discussion on this list) was missing. As far as I know,
>>> it was there as recently as 5 AM today; I believe I used it around noon
>>> today (27 September) as well.
>>>
>>> Should I be worried? I've never heard of Cygwin being a target for  --the
>>> precise term escapes me at the moment so I'll say-- this kind of intrusion,
>>> if that's what it is.  As for potential "routes in," I have sshd running on
>>> cygrunsrv but nothing else. Time to change my login password, maybe?
>>>
>>> Steve W.
>>>
>>> --
>>>
>>>       
>> Of course, I edited the path for the alias back into .bash_aliases (didn't
>> want to give up the convenience, after all) but was prudent enough to use
>> another word than "smith" for it. {Think first Duke of Marlborough.}
>>
>> SJW
>>
>>     
>
> Hello!
> Well I ran Google on that term, and came up with the Wikipedia page.
> ((Which I won't cite here.)) But don't you mean Mr Churchill the PM
> actually? (He also was entitled to use that entry into the peerage.)
>
> You may not have anything to worry about, however I am not a security
> expert as far as Cygwin goes, I'm more of a user on it, and even on
> Linux.
>
> I do suggest you change your passwords for both that system and for the SSH one.
>
> If that's not possible then make it impossible for the system to be
> reached that way online via SSH.
> -----
> Gregg C Levine gregg DOT drwho8 AT gmail DOT com
> "This signature fought the Time Wars, time and again."
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>
>
>   
Anyone else care to chime in/advise/suggest something?

Presently I'm doing a context search of my Cygwin folder for the word 
"laugh" (the outstanding non-command word or phrase used in the harmless 
hack). I've already scanned, by eye, grep and two developer-type text 
editors, my dotfiles and the default ones in /etc/defaults/ -- though 
frankly this last seems a little too obvious a route for anyone who's 
going to drop a 'sleeper' script that fouls up a shell alias to take.

Ever notice how hackers and "script kiddies" tend to make targets of 
things people already are complaining about? Windows, numerous websites, 
and this, the latest maintenance upgrade of Cygwin. (But then, this is 
just an observation -- the only proof I have is in what happened to the 
change-directory alias known as "smith" in my .bash_aliases file, since 
modified.)

SJ Wright
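
One way to automate the dotfile search described in the message above, as an added example that is not part of the original post: it reports where a name such as "smith" is defined as an alias or function, and where a word such as "laugh" is mentioned, across shell startup files. The function names and the sample tree are hypothetical and constructed for the demonstration; mention lines also include any definition lines.

```shell
#!/bin/sh
# Added example (not from the thread). All sample files are constructed.

# Print the startup files that exist under HOME ($1) and ETC ($2).
startup_files() {
    for f in "$2/profile" "$2/bash.bashrc" "$2"/profile.d/*.sh \
             "$1/.bash_profile" "$1/.bash_login" "$1/.profile" \
             "$1/.bashrc" "$1/.bash_aliases"; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    # The post mentions the defaults tree under /etc; scan it as well.
    [ -d "$2/defaults" ] && find "$2/defaults" -type f
    return 0
}

# Prefix each "lineno:text" line from grep with KIND ($1) and FILE ($2).
tag() { while IFS= read -r l; do printf '%s\t%s:%s\n' "$1" "$2" "$l"; done; }

# scan_name NAME HOME ETC: report alias/function definitions and mentions.
scan_name() {
    case $1 in ''|*[!A-Za-z0-9_]*) echo "bad name: $1" >&2; return 2 ;; esac
    sp='[[:space:]]'
    startup_files "$2" "$3" | while IFS= read -r f; do
        grep -nE "(^|[;[:space:]])alias$sp+([^#]*$sp)?$1=" "$f" | tag alias "$f"
        grep -nE "(^|[;[:space:]])(function$sp+$1($sp|[{(]|\$)|$1$sp*\(\))" "$f" |
            tag function "$f"
        grep -nw -- "$1" "$f" | tag mention "$f"
    done
    return 0
}

# Build a constructed tree in DIR ($1): the alias is gone from .bash_aliases,
# but a function of the same name sits in a system-wide file.
make_sample() {
    mkdir -p "$1/home" "$1/etc/profile.d" "$1/etc/defaults/etc/skel"
    printf '%s\n' "alias ll='ls -l'" > "$1/home/.bash_aliases"
    printf '%s\n' '. ~/.bash_aliases' > "$1/home/.bashrc"
    printf '%s\n' 'smith() {' '  laugh; pwd; cd /cygdrive/c/taiga/' '}' \
        > "$1/etc/profile.d/extra.sh"
    printf '%s\n' '# skeleton' > "$1/etc/defaults/etc/skel/.bashrc"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    scan_name smith "$d/home" "$d/etc"
    scan_name laugh "$d/home" "$d/etc"
    rm -rf "$d"
}
demo
```

On a real system the call would be `scan_name smith "$HOME" /etc`; in the running shell, `type -a smith` shows which definition actually wins.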


