11 January 2015

A little while ago, a friend and I had an idea for a prank to play on someone who leaves their Linux-based workstation unlocked and unattended (I guess this would work for OS X also, but I don’t have enough experience with that to say for sure).

The goal was to write a line to the target’s /etc/hosts file. For this, we would need privileged access. Now, we know the target well enough to know that they use the familiar sudo command for various tasks, such as installing new packages. We pondered a while on how we could make it work, and came up with a possibility: what if we could set an alias for sudo in the user’s BASH configuration file that would execute our desired command?

We figured out this part quite quickly, but then pondered on how we could improve it: what if we could delete the evidence after executing? The perfect crime.

The following was our final incantation in ~/.bashrc:

alias sudo='/usr/bin/sudo sh -c "echo \"127.0.0.1 twitter.com\" >> /etc/hosts" && unalias sudo && sed -i -e "s/alias sudo.*//" ~/.bashrc && sudo'

One way to defend against being fooled by this humorous prank (or malicious attack?) is to prepend a backslash to sensitive commands such as this (so sudo becomes \sudo). This tells BASH to skip alias expansion for that word, so the command is looked up on the PATH instead. The question comes to me though: should certain commands be restricted from aliasing?
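A complementary check is to look for the alias before it fires. The script below is an added example, not part of the original post: it scans shell startup files for alias definitions that shadow privileged commands. The function names and the SENSITIVE list are assumptions made for this example.

```sh
#!/bin/sh
# Added example: flag startup-file lines that alias a privileged command.
# SENSITIVE and both function names are assumptions chosen for this example.
SENSITIVE="sudo su doas pkexec ssh"

# find_shadowing_aliases FILE...
# Prints "file:line:name" for every non-commented alias definition whose
# name is one of the SENSITIVE commands.
find_shadowing_aliases() {
    for file in "$@"; do
        [ -r "$file" ] || continue
        for name in $SENSITIVE; do
            # The alias keyword must start the line or follow a separator,
            # and nothing before it on the line may open a comment.
            grep -nE "^[[:space:]]*([^#]*[;&[:space:]])?alias[[:space:]]+${name}=" "$file" |
            while IFS=: read -r lineno _rest; do
                printf '%s:%s:%s\n' "$file" "$lineno" "$name"
            done
        done
    done
}

# audit_startup_files FILE...
# Prints the findings and returns 1 if any were found, 0 otherwise.
audit_startup_files() {
    findings=$(find_shadowing_aliases "$@")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Limitations: only literal alias definitions in the listed files are found.
# Shell functions with the same name, and files sourced from elsewhere,
# are outside the scope of this check.

# With file arguments, audit them, e.g.: sh check_aliases.sh ~/.bashrc
if [ "$#" -gt 0 ]; then
    audit_startup_files "$@"
fi
```

Because the alias shown above deletes its own line from ~/.bashrc the first time it runs, a file scan like this only finds it before sudo is next used.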

Our intentions were innocent and light-hearted (and our results were glorious!), but one can see how malice could easily be introduced.

