[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

On Sat, 22 Mar 2003 14:52, Glenn McGrath wrote:
> If you already have superuser privileges you dont need a rootkit.

A "root kit" is a term that usually refers to a set of programs used for 
further exploiting a cracked machine.

If you crack a machine you will want to be able to login to it at any time, 
without having any entries in syslog and without needing any extra data in 
/etc/passwd (which may be noticed as evidence of intrusion or just removed as 
part of routine sys-admin work).

A "root kit" will generally offer some way of preventing processes being seen 
by ps (so the administrator can't see that the attacker is logged in), some 
way of hiding files, and a modified daemon that has network access (inetd, 
sshd, etc) that also provides root shells if you enter some special 
combination of commands in addition to performing the regular functions.

By this definition of the term a "root kit" is of no use until after you have 
gained root access.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: