Exploiting Linux vulnerabilities 8123
You have a number of flaws in your argument, as well as a lot of "hoping".
On Sat, 21 Jan 2006 15:31:10 +0000, JPB
Apart from everything else, you seem to think that a 2 staged attack is improbable. This is pretty far from the case. We've seen lots of "blended" attacks, like nimda, where it tries dozens of different multi-stage attacks. Nothing is stopping someone from writing a worm that gets in via a small user flaw, then downloads potentially hundreds or thousands of different local root exploits to try and gain advantage of the root account.
It's not that improbable, and should worm authors start targeting linux more often, you can bet it will happen. I've noticed a lot of Linux users that simply do not take local root vulnerabilities seriously because they don't allow anyone else to log in to their machines.
Naturally, because you don't want to.
Never heard of .profile? That ensures that any time a user logs in, certain settings get set, which can include running any program. Now you COULD make .profile a root owned account write inaccessible to the user, but honestly, how often does that happen? Users want to edit their .profile.
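A defender's check for the .profile point made in the post above, as an added example that is not part of the original thread: snapshot a user's shell startup files and report any that later change, appear, or become writable by others. The file list and the function names `snapshot`, `compare` and `demo` are assumptions made for this sketch, and in practice the baseline would be stored somewhere the monitored user cannot write.

```python
import hashlib, os, stat, tempfile

# Startup files checked here; the list is an assumption, extend it per shell.
STARTUP_FILES = (".profile", ".bash_profile", ".bash_login", ".bashrc")

def snapshot(home):
    """Return {name: (sha256 hex, permission bits, owner uid)} for files present."""
    snap = {}
    for name in STARTUP_FILES:
        path = os.path.join(home, name)
        try:
            st = os.lstat(path)          # lstat: do not follow a planted symlink
        except FileNotFoundError:
            continue
        digest = "<not a regular file>"
        if stat.S_ISREG(st.st_mode):
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        snap[name] = (digest, stat.S_IMODE(st.st_mode), st.st_uid)
    return snap

def compare(baseline, current):
    """List (file, finding) pairs describing drift from the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append((name, "created"))
        elif new is None:
            findings.append((name, "removed"))
        else:
            if old[0] != new[0]:
                findings.append((name, "content changed"))
            if old[1:] != new[1:]:
                findings.append((name, "owner or mode changed"))
        if new and new[1] & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable by group or others"))
    return findings

def demo():
    """Run the check against a constructed home directory."""
    with tempfile.TemporaryDirectory() as home:
        profile = os.path.join(home, ".profile")
        with open(profile, "w") as fh:
            fh.write("export EDITOR=vi\n")
        os.chmod(profile, 0o644)
        baseline = snapshot(home)
        with open(profile, "a") as fh:          # constructed sample edit
            fh.write("echo constructed-sample-line\n")
        bashrc = os.path.join(home, ".bashrc")
        with open(bashrc, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(bashrc, 0o666)
        return compare(baseline, snapshot(home))
```
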
Exploiting Linux vulnerabilities 8125
On Saturday 21 January 2006 23:07, Erik Funkenbusch stood up and spoke the following words to the masses in comp.os.linux.advocacy...: Two points here... (1) It is effectively impossible to disallow the user write access to...
While, indeed, this only allows the program to run when the user is logged in, many users are logged in all the time.
Exploiting Linux vulnerabilities 8124
No, it's not impossible at all. But the level of difficulty is quite a bit higher, which reduces the pool of talent that can successfully pull one off...
uptimes. Are you suggesting Linux users might actually shut down their
Rooting a Windows box didn't use to be an easy thing to do either. What happens is you get large scale groups of users working on the problem, and before you know it you've got tons of root exploit code floating around. Metasploit, for example, serves this purpose (though Metasploit is also useful for security professionals too).
In other words, you "hope" that they don't want to damage the data. Even if they don't damage it, they can certainly look at it, and send that data back to whomever they want. Usernames, passwords, banking information, whatever. Further, a virus can be written to run for weeks before doing damage, allowing itself maximum spread time.
There are two basic classes of attacker these days: script kiddies and professionals. The script kiddies probably get a kick out of deleting everyone's data. The professionals, however, are looking for zombies that they can use as spam gateways or for other reasons. You don't have to be root to be a spam gateway.