brute force ssh attack

John Summerfied debian at herakles.homelinux.org
Wed May 4 01:09:02 UTC 2005


Matthew Miller wrote:
> On Thu, Apr 28, 2005 at 09:29:22AM -0400, William Hooper wrote:
> 
>>>I'm sorry -- I thought that *was* the point. Seriously, what more
>>> context does one need here?
>>
>>Well, the question asked would be nice:
>>"Thus it has some method of getting root privileges."
>>The response:
>>"Inexperienced sysadmins."
> 
> 
> Okay. Sure. That is, "regular users of their own machines". :)
> 
> So it turns out I didn't miss the point at all.
> 
> 
>>So the "method of getting root privileges" is "regular users of their own
>>machines" running random executables (like the ones downloaded by a script
>>kiddie) as root.
>>
>>I'm interested in hearing how you would like to close this vulnerability.
> 
> 
> In this case, some simple "don't do that" would have helped. But in the case
> of the sort of tricks that work on Windows users ("But the e-mail came from
> my friend!" "I wanted to see the funny animation it said was in there!") can
> work on Linux users too. We need to *address* that, not just say "this is
> approximately zero threat". Obviously education is part of it. A more
> sophisticated SE Linux could be another.

Umm.
If my email client runs programs included in email, that's a bug.
If it breaks when interpreting HTML or displaying graphics images or 
playing noises, that's a bug.

I can easily report bugs, and I can easily choose a different email 
client: I have half-a-dozen or so installed.

I was reading a little while ago about a tbird (script execution) bug on 
Windows. The moz folk fixed it the same day it was reported. The same 
problem occurs in The Beast's wares. The Beast is thinking about it.



> 
> For this particular situation, something like ClamAV + Dazuko would have
> helped. Obviously this wouldn't address the "rm -rf /" problem, but it *can*
> help with a lot of malware.

For "rm -rf /" to work at its best, it needs to be run with root 
privilege. On my systems, that would remove my files and nobody else's. 
It would be distressing to me, but the system would be fine.




-- 

Cheers
John




