brute force ssh attack
T. Horsnell
tsh at mrc-lmb.cam.ac.uk
Thu Apr 28 17:53:33 UTC 2005
>William Hooper wrote:
>>
>> Well, the question asked would be nice:
>> "Thus it has some method of getting root privileges."
>>
>> The response:
>> "Inexperienced sysadmins."
>>
>> The quote showing that was the case:
>> "Daniel Kirsten wrote:
>> 'Yesterday, I examined the directory ~daikanyama/.undernet and probably I
>> executed mech as root. The file mech is indeed infected by Linux/Rst-B.
>> This explains everything.......'
>>
>> So the "method of getting root privileges" is "regular users of their own
>> machines" running random executables (like the ones downloaded by a script
>> kiddie) as root.
>>
>> I'm interested in hearing how you would like to close this vulnerability.
>>
>> --
>> William Hooper
>>
>
>I should probably keep quiet, but I don't really mind looking like a fool.
>
>I'm an "inexperienced sysadmin" for my Linux boxes, and I have
>destroyed a few by doing stupid things, like running an untested
>script (that I wrote) as root that deleted all the file in /etc.
>
>What I'd really like is for system files to be mounted read only.
>Maybe by having a hardware switch that makes the system disk read
>only. Booting from a DVD that contained everything except /var, /tmp,
>and /home would be another alternative. This of course requires that
>everyone cleans up their code to only update files in /var, instead of
>writing in /etc.
>
>I'm sure some smart people have already worked out the details for a
>system like this. Anyone aware of this kind of work? I'd be interested
>in seeing it.
See http://www.knoppix.org
Cheers,
Terry.
>
>Thanks,
>
>John Wendel
>
>--
>fedora-list mailing list
>fedora-list at redhat.com
>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the users
mailing list