
Re: brute force ssh attack

William Hooper wrote:

Well, the question asked would be nice: "Thus it has some method of getting root privileges."

The response:
"Inexperienced sysadmins."

The quote showing that was the case:
"Daniel Kirsten wrote:
'Yesterday, I examined the directory ~daikanyama/.undernet and probably I
executed mech as root. The file mech is indeed infected by Linux/Rst-B.
This explains everything.......'"

So the "method of getting root privileges" is "regular users of their own
machines" running random executables (like the ones downloaded by a script
kiddie) as root.

I'm interested in hearing how you would like to close this vulnerability.

William Hooper

I should probably keep quiet, but I don't really mind looking like a fool.

I'm an "inexperienced sysadmin" for my Linux boxes, and I have destroyed a few by doing stupid things, like running an untested script (that I wrote) as root that deleted all the files in /etc.

What I'd really like is for system files to be mounted read only. Maybe by having a hardware switch that makes the system disk read only. Booting from a DVD that contained everything except /var, /tmp, and /home would be another alternative. This of course requires that everyone cleans up their code to only update files in /var, instead of writing in /etc.

I'm sure some smart people have already worked out the details for a system like this. Anyone aware of this kind of work? I'd be interested in seeing it.


John Wendel
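
Added example, not part of the original message or thread: a small audit of a /proc/mounts-style table against the layout proposed above (system files read-only, only /var, /tmp and /home writable). The function names, the pseudo-filesystem list and the sample table are assumptions constructed for illustration.

```python
# Added example: audit a /proc/mounts-style table against the layout proposed
# above (everything read-only except /var, /tmp and /home).
import re

WRITABLE_OK = ("/var", "/tmp", "/home")  # assumption: the trees named in the post
PSEUDO_FS = {"proc", "sysfs", "devtmpfs", "devpts", "cgroup2", "securityfs"}

# Constructed sample, not captured from a real host.
SAMPLE_MOUNTS = """\
/dev/sr0 / iso9660 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 /etc ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
/dev/sda4 /var/www/static\\040files ext4 ro,nodev 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mount_point: (fstype, set_of_options)}; a later line wins."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].startswith("#"):
            continue
        table[_unescape(parts[1])] = (parts[2], set(parts[3].split(",")))
    return table

def _under(path, root):
    return path == root or path.startswith(root.rstrip("/") + "/")

def writable_system_mounts(text, writable_ok=WRITABLE_OK):
    """Mount points that are rw but lie outside the allowed writable trees."""
    findings = []
    for mnt, (fstype, opts) in parse_mounts(text).items():
        if fstype in PSEUDO_FS or "ro" in opts:
            continue
        if not any(_under(mnt, ok) for ok in writable_ok):
            findings.append(mnt)
    return sorted(findings)

if __name__ == "__main__":
    for mnt in writable_system_mounts(SAMPLE_MOUNTS):
        print("writable system mount:", mnt)
```

On a live Linux host the same check can be run by passing the contents of /proc/mounts instead of the sample; a directory such as /etc that is not its own mount point is covered by whichever mount contains it.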
