> AFAIK cd00r.c and dtrace need root privs. If your
> hacker has obtained
> root privs, you are screwed anyway...

Correct. And in a major way, no less.

> And where did the hacker get this password from ?

This is an example. If the attacker found and exploited a zero day 
vulnerability in SSH, he would be root, and would need no password for `su -`. 
I thought that much was clear.

> Why limit this to only one pid? Just have it trigger
> on all crypts
> and you might even get some telnet users.....

You can do just about anything with DTrace. Again, this example was meant to 
highlight that one should not be lulled by a false sense of security.

> Trivial if you have root (or the required dtrace
> privileges),
> probably a lot harder without them.

If SSH is exploited, an attacker will have root. DTrace magic won't work in a 
zone unless the zone has been specifically configured that way, but that's a 
story for another day.

What's important here is to have an understanding of what will and won't work, and 
under which circumstances. However, believing that it's next to impossible to 
break into a Solaris system means living dangerously.
 
 
This message posted from opensolaris.org
_______________________________________________
opensolaris-discuss mailing list