brute force ssh attack

Matthew Miller mattdm at mattdm.org
Thu Apr 28 17:56:33 UTC 2005


On Thu, Apr 28, 2005 at 09:29:22AM -0400, William Hooper wrote:
> > I'm sorry -- I thought that *was* the point. Seriously, what more
> >  context does one need here?
> Well, the question asked would be nice:
> "Thus it has some method of getting root privileges."
> The response:
> "Inexperienced sysadmins."

Okay. Sure. That is, "regular users of their own machines". :)

So it turns out I didn't miss the point at all.

> So the "method of getting root privileges" is "regular users of their own
> machines" running random executables (like the ones downloaded by a script
> kiddie) as root.
> 
> I'm interested in hearing how you would like to close this vulnerability.

In this case, some simple "don't do that" would have helped. But the sort
of tricks that work on Windows users ("But the e-mail came from
my friend!" "I wanted to see the funny animation it said was in there!") can
work on Linux users too. We need to *address* that, not just say "this is
approximately zero threat". Obviously education is part of it. A more
sophisticated SE Linux could be another.

For this particular situation, something like ClamAV + Dazuko would have
helped. Obviously this wouldn't address the 'rm -rf /' problem, but it *can*
help with a lot of malware.

-- 
Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 78 degrees Fahrenheit.




More information about the fedora-list mailing list