Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] Re: server-check
  • From: Sebastian Krahmer <krahmer@xxxxxxx>
  • Date: Mon, 12 Feb 2001 14:05:12 +0100 (CET)
  • Message-id: <Pine.LNX.4.21.0102121403370.28509-100000@xxxxxxxxxxxxxx>
On Sat, 10 Feb 2001, Johannes Geiger wrote:

> Hello Gerard Bras!
>
> On Sat, Feb 10, 2001 at 07:56:24PM +0100, Gerard Bras wrote:
> > On this point I'm curious. Could a 'root kit' propogate itself to
> > uninfected hosts on a LAN after it infects the initial victim host?
> > Protection inside a LAN is commonly lax, especially with everyone
> > relying on firewalls to protect them.
>
> That is an old story: Attack the other machines on the LAN by the same
> means which led to the compromise of the initial victim. The probability
> is high that they are running the same vulnerable software version.
> (BTW, this kind of program or set of programs is called a worm.)
>
> > Are viruses like those seen in MSWorld the next thing?
> > All along I've been smug telling my Windows using friends that I don't have
> > these virus problems because Unix/Linux has accecss control.
>
> The Unix access control mechanisms cannot prevent virus infection. An
> infected program can infect any other binary the user running the
> infected program has write-access to. So all you have to do ist wait for
> root to come along...
Who should never execute binaries from users.
Additionaly there is the file-flag mechanism in BSD or linux
which even forbids root-processes to modify /bin /usr/bin etc.
if set properly. The UNIX fs is a quite good wall for viruses,
but the best is that in every unix system things are different. :)

bye,
Sebastian


>
> Regards
>
> Johannes
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>


< Previous Next >
References