James Knott wrote:
Carlos E. R. wrote:
The Monday 2008-01-21 at 20:41 -0800, Joe Sloan wrote:
David Bolt wrote:
The reason being that if a worm is able to install on the server using root privileges, there's no way to know just what else has been installed by it without performing some form of forensic work on the installation
Why would you assume that a worm got root privileges? In the cases I've
Because David wrote, in the email you quoted:
]> The commands were executed by a root shell and was used to download the loader script,
I was thinking, at first glance, the same, that root was compromised. But you are right, it's not always the case. Rather, it should never be the case.
Again, why the root shell? Why wasn't that person using a user ID? In order to run a root shell, someone has to start a root shell. They don't just happen. There's a reason why root shouldn't be used, when not needed.
One possibility: Because an un-informed or lazy administrator set up the box to start the web server from root during boot up.