Carlos E. R. wrote:
> The Monday 2008-01-21 at 20:41 -0800, Joe Sloan wrote:
>> David Bolt wrote:
>>> The reason being
>>> that if a worm is able to install on the server using root privileges,
>>> there's no way to know just what else has been installed by it without
>>> performing some form of forensic work on the installation
>>
>> Why would you assume that a worm got root privileges? In the cases I've
>
> Because David wrote, in the email you quoted:
>
> ]> The commands were executed by a root shell and was used to download the
> ]> loader script,
>
> I was thinking, at first glance, the same, that root was compromised.
> But you are right, it's not always the case. Rather, it should never be
> the case.

Again, why the root shell? Why wasn't that person using a user ID? In
order to run a root shell, someone has to start a root shell. They
don't just happen. There's a reason why root shouldn't be used, when
not needed.
--
Use OpenOffice.org <http://www.openoffice.org>