Linux infection proves Windows malware monopoly is over
Robert Brockway
robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Fri Jun 18 22:29:59 UTC 2010
On Mon, 14 Jun 2010, Lennart Sorensen wrote:
> And it only has access as the user you ran the server as. Now if you
> ran it as root, then you are of course an idiot. :)
True but local root exploits are orders of magnitude more common than
remote root exploits. Getting a local shell increases the chances of
breaking root massively.
remote non-root exploit + local root exploit = remote root exploit
This isn't theoretical - combinations like this are used all the time.
> Or if you ran it as your regular user with sudo privileges that so many
> distributions seem fond of these days.
Even without sudo, a smart trojan could try to brute force the root
password from the local account although I don't recall ever hearing about
this method being used. Few use suauth to restrict access to su.
Cheers,
Rob
--
Email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.practicalsysadmin.com
Open Source: The revolution that silently changed the world
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list