Re: backdoor question

From: Mythran
Date: 10/28/02

> Just check this one carefully, as there are a lot of legitimate uses of
> this in a mud, not stock, but I can think of uses.  So just carefully
> check any calls to these VERY carefully.
> >    Check for ipc/shared memory use:
> >    egrep -i '(mmap|shm...|sem...|shmdt|msg...) *\(' *.[ch] |less
> This would be an absolute giveaway.  There's, as far as I can think of
> but might be wrong, absolutely no use for this in a mud.
> >    Check for listeners/sockets other than the main port
> >    egrep -i '(bind|listen|connect|sendmsg|recvmsg) *\(' *.[ch] |less
> connect() would be an absolute giveaway, since a daemon shouldn't be
> calling anyone (unless you have my metaserver patch, or I think the i3c
> package connects() as well.)
> >13. Check 'command_interpreter' of act.wizard.c
> Also, check for anything that contains GET_ID/GET_IDNUM.  He could've
> easily added something that checks for another imp's ID and runs some
> command to either reinstate his char, randomly mess up someone's char,
> or an endless list of other things.  This could possibly show up a LOT
> of lines, and be tedious to check them, but it's still necessary so
> check all of 'em.
> -me

And if you have absolutely no idea what the above says, reformat, reinstall,
start from scratch, and there ya have it :P
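
The egrep checks quoted above can be bundled into one pass that labels each hit by category. This is an added example, not code from the original thread; the function names `audit_src` and `make_sample`, the category labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, labels and the sample file are constructed.

# audit_src DIR: run each check over DIR/*.[ch]; print "label<TAB>file:line:text".
audit_src() {
    dir=$1
    # Each heredoc line is "label regex"; the regexes are the ones quoted above.
    while read -r label re; do
        # /dev/null forces the file name into the output even for a single file.
        grep -Ein -- "$re" "$dir"/*.[ch] /dev/null |
            awk -v l="$label" '{ print l "\t" $0 }'
    done <<'EOF'
ipc (mmap|shm...|sem...|shmdt|msg...) *\(
net (bind|listen|connect|sendmsg|recvmsg) *\(
idcheck GET_ID
EOF
}

# make_sample DIR: write a constructed source file to exercise the checks.
make_sample() {
    cat > "$1/comm.c" <<'EOF'
int listen_count;
connect(s, addr, len);
shmget(key, 64, 0600);
if (GET_IDNUM(ch) == 42) return;
EOF
}

# Demo on the constructed sample; every hit still needs manual review
# (for example, "connect *\(" also matches disconnect(...)).
tmp=$(mktemp -d) && make_sample "$tmp" && audit_src "$tmp"
rm -rf "$tmp"
```

Run `audit_src` from the mud's source directory and compare the hits against a clean copy of the same code base to separate stock calls from added ones.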



This archive was generated by hypermail 2b30 : 06/25/03 PDT