This project is a proof-of-concept showing how easy it is for system administrators (or any so-inclined sudoer, really) to steal your sensitive data, including passwords. With very minor changes to several core Linux libraries/programs, they can be made to covertly record sensitive data an unsuspecting user passes to them, while remaining functionally unchanged otherwise.
Several examples are provided, including:
- Evil PAM (see
5636afc) - Evil OpenSSL (see
5a3499c) - Evil Mail (see
15c944f) - Evil Bash (see
6d28581) - Evil Firefox (see
evil_firefox/)