[ Thanks to David A. Wheeler for this
link. ]
“Using a stolen password, Mallory managed to log into an
important server running Linux. The account was a very limited
account, but Mallory knew how to cause trouble with it. Mallory
installed and ran a trivial program with very odd behavior–it
quickly created and removed many different symbolic link files in
the /tmp directory, using a multitude of processes. (A symbolic
link file, also called a symlink, is simply a file that when
accessed redirects the requester to another file.) Mallory’s
program kept creating and removing many different symlinks pointing
to the same special file: /etc/passwd, the password file.“One of the security precautions on this important server was
that every day it ran Tripwire–specifically, the older version
2.3.0. Tripwire is a security program that detects tampering of
important files. As Tripwire started up it tried to create a
temporary file, as many programs do…”