James Knott wrote:
Aaron Kulkis wrote:
James Knott wrote:
David Bolt wrote:
On Mon, 21 Jan 2008, James Knott wrote:-
<snip>
Anti-virus software is generally not necessary with Linux, unless it's being used as a mail or file server in a Windows network. AFAIK, there's never been a viable Linux virus.

That depends on whether you include worms and trojans under the definition of a virus. If so, there have been Linux viruses in the wild. I still have a copy of a loader script and the IRC bot[0] that was installed by it, grabbed from an infected server just over 2 years ago[1].

IIRC, the method of infection for that particular worm was to insert shell commands[2] into a URL passed to a web server running an exploitable version of PHP. The commands were executed by a root shell and were used to download the loader script, set its mode to 744 and then execute that. The script in question downloaded 2 files, one was the IRC bot, the other was used to search out and try to infect other web servers.

Assuming you're running as a mere mortal and not root, how does it start a root shell?

If the web admin didn't make sure to set up a user account for the web server, then it's most likely running as root, and so all child processes would also be root.
The way I read the note, a "downloader script" was downloaded from the server and then run in a root shell to set the permissions etc. How did that root shell get started?
If, say, apache has a flaw that allows a shell to be forked off, and apache is running as root, then there you go: root shell.
If it's on the server, it shouldn't be able to do something as root on the local computer. Anyone running a browser as root deserves what they get.
That depends on whether the server process is running as root (improper administration) or as a non-privileged user (say, username apache) which is correct administration.
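Added example, not part of the original thread: a small audit for the condition discussed above, reading a process table and flagging web-server workers that run as root and shells whose parent is a web-server process. The function names, the list of server and shell process names, and the sample process table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Input: one process per line as "PID PPID USER COMM".
# On a live host (procps): ps -eo pid=,ppid=,user=,comm= | audit_web_procs
# A root-owned master (parent is not a web server) is not flagged; it
# usually needs root to bind port 80. Workers and their children should not be root.

audit_web_procs() {
    awk '
    # Process names below are assumptions; adjust for the local distribution.
    function is_web(c)   { return c ~ /^(httpd|apache2|nginx|php-cgi|php-fpm)$/ }
    function is_shell(c) { return c ~ /^(sh|bash|dash|ksh)$/ }
    NF >= 4 { n++; pid[n] = $1; ppid[n] = $2; user[$1] = $3; comm[$1] = $4 }
    END {
        for (i = 1; i <= n; i++) {
            p = pid[i]; pp = ppid[i]
            # Only look at processes whose parent is a web-server process.
            if (!(pp in comm) || !is_web(comm[pp])) continue
            if (is_web(comm[p]) && user[p] == "root")
                print "ROOT_WORKER pid=" p " comm=" comm[p]
            else if (is_shell(comm[p]))
                print "SHELL_CHILD pid=" p " user=" user[p] " parent=" comm[pp]
        }
    }'
}

# Constructed sample: one correctly configured server (workers as www-data)
# and one misconfigured server (workers as root), each with a shell child.
sample_ps() {
    cat <<'EOF'
1 0 root init
800 1 root apache2
801 800 www-data apache2
802 800 www-data apache2
950 801 www-data sh
1200 1 root httpd
1201 1200 root httpd
1300 1201 root sh
1400 1 alice bash
EOF
}

sample_ps | audit_web_procs
```

A SHELL_CHILD line with user=root is the case described in the thread: the shell inherited root from the server process that started it.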