As posted by Andries Brouwer to C.O.L.A., January 24, 1999 and
also on linux-kernel.
I just learned that ftp://ftp.win.tue.nl/pub/linux/util/util-linux-2.9g.tar.gz has been compromised (so that 1. It gives anybody who logs in with name #!sh a root shell, and 2. It mails usernames and passwords to wlogain@hotmail.com). Probably you do not want to use this enhanced version. The original version has been put back. It has md5sum ab409a6ac5a775a4b04b8e27f6c86933 util-linux-2.9g.tar.gz I am not aware of anything else that was changed, but of course this means for the time being that anything found on this machine must be regarded as suspect. Andries - aeb@cwi.nl [PS I would be interested in finding precisely when this was done. If you got a non-corrupt version recently, could you mail me date and time?]
An independent
announcement by Andries Brouwer of the util-linux security
breach was posted to the linux-kernel list and is published on
LWN/daily.