Brian Eckman <[EMAIL PROTECTED]> wrote: > Hmmm. Well, if the execute bit isn't set, then I'd assume it can be > considered relatively safe. If the attacker can later find a way to > chmod it and then execute it with the privliges needed to make it > harmful, then I imagine that they could find other ways of > compromising your machine as well. > > For Windows, if it's a backdoor that is named something.txt, well, > again, the attacker would have to find a way to rename that file and > execute it with appropriate permissions. Again, I imagine that if they > can do that, that they could find other ways of compromising your > machine as well.
The backdoor could for example be a nasty makro trojan placed in a .doc that would later (most likely) executed by an user and so do the dirty work without remote interaction. Nothing to rename or execute. I agree with Paul that data from a compromised system can't be trusted anymore, regardless what it is, it has to be checked for integrity or wiped (at least in a secure environment). regards -gt -- Gino Thomas | mailto: [EMAIL PROTECTED] | http://nux-acid.org GPG: E6EA9145 | 4578 F871 893E 1FEC 31FC 5B5E 8A46 4CC8 E6EA 9145 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
