On Sat, 10 Feb 2001, Johannes Geiger wrote:
Hello Gerard Bras!
On Sat, Feb 10, 2001 at 07:56:24PM +0100, Gerard Bras wrote:
On this point I'm curious. Could a 'root kit' propogate itself to uninfected hosts on a LAN after it infects the initial victim host? Protection inside a LAN is commonly lax, especially with everyone relying on firewalls to protect them.
That is an old story: Attack the other machines on the LAN by the same means which led to the compromise of the initial victim. The probability is high that they are running the same vulnerable software version. (BTW, this kind of program or set of programs is called a worm.)
Are viruses like those seen in MSWorld the next thing? All along I've been smug telling my Windows using friends that I don't have these virus problems because Unix/Linux has accecss control.
The Unix access control mechanisms cannot prevent virus infection. An infected program can infect any other binary the user running the infected program has write-access to. So all you have to do ist wait for root to come along... Who should never execute binaries from users. Additionaly there is the file-flag mechanism in BSD or linux which even forbids root-processes to modify /bin /usr/bin etc. if set properly. The UNIX fs is a quite good wall for viruses, but the best is that in every unix system things are different. :)
bye, Sebastian
Regards
Johannes
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com