Re: New Linux Trojan

From: Russell Fulton (r.fultonat_private)
Date: Wed Sep 05 2001 - 14:26:01 PDT

    On Wed, 05 Sep 2001 13:57:12 -0700 Ben Ford 
    <bfordat_private> wrote:
    
    > Qualys Inc wrote:
    > 
    > >
    > >executable programs. On Linux systems, the Remote Shell Trojan 
    > >typically begins its replication activities in the current working 
    > >directory and in the /bin directory.
    > >
    > [ . . .]
    > 
    > >Mitigating Factors:
    > >-------------------
    > >The replication process of the Remote Shell Program can only affect 
    > >binary files within the access privileges of the user who launched 
    > >the originally infected program.
    > >
    > 
    > I think that this point should be emphasized a bit more, unless you are 
    > simply out for dramatization.  A properly configured machine won't have 
    > the root user running untrusted binaries.
    
    True, however a local (non-root) user compromise is still a serious 
    matter.   This is another good reason to write-protect *all* 
    executables, and preferably have them owned by someone other than the 
    user.
    
    Again Unix is protected because users can't write to most executable 
    files.
    
    Russell Fulton, Computer and Network Security Officer
    The University of Auckland,  New Zealand
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
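
The two conditions named in the reply above (executables write-protected, and owned by someone other than the user) can be checked mechanically. The Python audit below is an added example, not part of the original message; its function names and the sample tree are constructed for illustration, and it judges access from mode bits and ownership only (no ACLs, no directory permissions).

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Decide write access from mode bits: owner class, then group, then other."""
    if uid == 0:                      # root bypasses file permission bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_executables(root, uid, gids=frozenset()):
    """Map each executable under root that uid could alter to the reason why."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)       # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue              # only regular files with an execute bit
            if can_write(st, uid, gids):
                findings[path] = "writable"
            elif st.st_uid == uid:
                findings[path] = "owned"   # owner can chmod u+w at will
    return findings

def demo():
    """Build a constructed sample tree and audit it for two user ids."""
    root = tempfile.mkdtemp(prefix="exec-audit-")
    for name, mode in (("tool", 0o755), ("locked", 0o555),
                       ("shared", 0o757), ("notes.txt", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    me = os.getuid()
    return root, audit_executables(root, me), audit_executables(root, me + 1)

if __name__ == "__main__":
    root, mine, other = demo()
    for label, result in (("current user", mine), ("another uid", other)):
        print(label)
        for path, reason in sorted(result.items()):
            print(f"  {reason:8} {path}")
```

An "owned" finding is a file that is write-protected today but whose owner can restore write permission, which is why separate ownership is the stronger of the two measures.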
    


