>On Monday 03 June 2002 01:38 am, James wrote:
>> I've been watching how this thread progressed. I've noticed two pieces
>> of FUD that keep appearing.
>>
>> 1. The assumption that a virus writer wouldn't know that he/she needs to
>> be root to do real damage and that he/she won't do just that. Don't
>> give yourself a sense of false security here. All they need to do is
>> have a line appended to Passwd and shadow (yes even MD5 is vulnerable
>> here, all it takes is some math.) and they have a new user that has UID
>> 0 and they don't even need to be root. Remember they are in your box.
>> Harden it all you want to the outside. Your vulnerability is when they
>> are inside. (Oh and we did this recently to a Linux box that the user
>[...]
>
>Well? Pray-tell, how does one go about appending a new user to Passwd with
>UID 0? Altering Passwd should itself require root privileges - I cannot
>even get in to single user mode to do damage without my root passwd. I
>haven't had to do it for a long time, but I believe this is also true when
>booting up with a CD and doing "rescue".
>
>Nonetheless, I would love to know how one could do as you describe. Fill us
>in please.

Just to put my .02 in on that. I'm not sure that a trick like that is something that should be broadcast on a public list. JMHO.

Ric
