-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Tuesday 2008-01-22 at 16:23 -0500, James Knott wrote:
Because David wrote, in the email you quoted:
] > The commands were executed by a root shell and was used to download
the ]> loader script,
I was thinking, at first glance, the same, that root was compromised. But
you are right, it's not always the case. Rather, it should never be the
case.
Again, why the root shell? Why wasn't that person using a user ID? In order
to run a root shell, someone has to start a root shell. They don't just
happen. There's a reason why root shouldn't be used, when not needed.
Because, being a malware, bad things can happen. The malware designer
could know of a hole that allowed it to escalate to root somehow.
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHlnWAtTMYHG2NR9URAgOLAJ9q1se8mASJNfq4Fws4UfgpMTebugCfRUVb
VRZMrSjg2h7Utye2788/EWU=
=8qd6
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
