> > >On Monday 03 June 2002 01:38 am, James wrote:
> >> I've been watching how this thread progressed. I've noticed two pieces
> >> of FUD that keep appearing.
> >>
> >> 1. The assumption that a virus writer wouldn't know that he/she needs to
> >> be root to do real damage and that he/she won't do just that. Don't
> >> give yourself a sense of false security here. All they need to do is
> >> have a line appended to Passwd and shadow (yes even MD5 is vulnerable
> >> here, all it takes is some math.) and they have a new user that has UID
> >> 0 and they don't even need to be root. Remember they are in your box.
> >> Harden it all you want to the outside. Your vulnerability is when they
> >> are inside. (Oh and we did this recently to a Linux box that the user
> >[...]
> >
> >Well? Pray-tell, how does one go about appending a new user to Passwd with
> >UID 0? Altering Passwd should itself require root privileges - I cannot
> >even get in to single user mode to do damage without my root passwd. I
> >haven't had to do it for a long time, but I believe this is also true when
> >booting up with a CD and doing "rescue".

I hate to be the one to break this to you, but unless you set up your system
to do so you can very easily enter rescue mode from the CDs without root
password AND get to single user mode without root authentication. Where in
the world did you get this idea?

Mark
