Re: ifupdown writes to /etc... a bug?
On Sat, 22 Mar 2003 14:52, Glenn McGrath wrote:
> If you already have superuser privileges you dont need a rootkit.
A "root kit" is a term that usually refers to a set of programs used for
further exploiting a cracked machine.
If you crack a machine you will want to be able to login to it at any time,
without having any entries in syslog and without needing any extra data in
/etc/passwd (which may be noticed as evidence of intrusion or just removed as
part of routine sys-admin work).
A "root kit" will generally offer some way of preventing processes being seen
by ps (so the administrator can't see that the attacker is logged in), some
way of hiding files, and a modified daemon that has network access (inetd,
sshd, etc) that also provides root shells if you enter some special
combination of commands in addition to performing the regular functions.
By this definition of the term a "root kit" is of no use until after you have
gained root access.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: