On Tue, Feb 01, 2005 at 02:29:01PM -0800, John H. Robinson, IV wrote: > Lan Barnes wrote: > > On Tue, Feb 01, 2005 at 01:28:11PM -0800, John H. Robinson, IV wrote: > > > Lan Barnes wrote: > > > > > > > > Hmm ... by payload you mean malicious code to be executed? What would > > > > one try to get a Unix variant to execute that could cause trouble? > > > > > > Shellcode. You can find examples on bugtraq postings. > > > > I don't have time to look at the examples, but I'm not particularly > > impressed. Perhaps you could mess up apache and all he owned, but you > > can't run a script as root unless you're already root, at least in Linux > > (I know, I've tried)[0]. > > That shellcode then fires off whatever the atacker wants. Oftimes an > identd that will spawn telnetd or something of the like. The attacker > can then log in whenever he wants, as root. >
???? A script belonging to apache (at best) fires off inetd? I would be quite surprised. > > > Erasing web contents is a nuisance, but owning the box may be easier in > > apache on windoze. > > I will tend to agree. > I like it when we agree :-) > > BTW, this raises one of my more persistent questions, which is why, oh > > why, would anyone port perfectly good *nix programs to windoze only to > > run them slower and with more vulnerabilities? And that question _is_ > > rhetorical. > > Darn. If it were not rhetorical, I'd answer that MySQL is an inexpensive > and capable relational database that a lot of people are familar with. > Perfect candidate for those too cheap to pay for SQL Server. > They're motivated by being cheap? They buy windoze? They're cheap _and_ illogical! -- Lan Barnes [EMAIL PROTECTED] Linux Guy, SCM Specialist 858-354-0616 -- KPLUG-List mailing list [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
