James Knott wrote:
Aaron Kulkis wrote:
James Knott wrote:
David Bolt wrote:
On Mon, 21 Jan 2008, James Knott wrote:-
<snip>
Anti-virus software is generally not necessary with Linux, unless it's
being used as a mail or file server in a Windows network. AFAIK,
there's never been a viable Linux virus.
That depends on whether you include worms and trojans under the
definition of a virus. If so, there have been Linux viruses in the
wild.
I still have a copy of a loader script and the IRC bot[0] that was
installed by it, grabbed from an infected server just over 2 years
ago[1].
IIRC, the method of infection for that particular worm was to insert
shell commands[2] into a URL passed to a web server running an
exploitable version of PHP. The commands were executed by a root shell
and were used to download the loader script, set its mode to 744 and
then execute that. The script in question downloaded 2 files, one was
the IRC bot, the other was used to search out and try to infect other
web servers.
Assuming you're running as a mere mortal and not root, how does it
start a root shell?
If the web admin didn't make sure to set up a user account for the
web server, then it's most likely running as root, and so all
child processes would also be root.
The way I read the note, a "downloader script" was downloaded from the
server and then run in a root shell to set the permissions etc. How did
that root shell get started?
If, say, apache has a flaw that allows a shell to be forked off, and
apache is running as root, then there you go: root shell.
> If it's on the server, it shouldn't be
> able to do something as root on the local computer. Anyone running a
> browser as root deserves what they get.
That depends on whether the server process is running as root
(improper administration) or as a non-privileged user (say,
username apache) which is correct administration.
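An added example, not part of the original thread: one way to check the condition discussed above, by flagging root-owned processes that descend from a web server process. The process names in `WEB_SERVERS` and the `ps` sample are assumptions constructed for illustration.

```python
import subprocess

WEB_SERVERS = {"httpd", "apache2", "nginx", "lighttpd"}  # assumed process names

# Constructed `ps -eo pid,ppid,user,comm` output; not from a real host.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND
    1     0 root     init
  810     1 root     httpd
  811   810 apache   httpd
  812   810 apache   httpd
  900     1 root     apache2
  901   900 root     apache2
  902   900 root     apache2
  950   901 root     sh
"""

def parse_ps(text):
    """Map pid -> (ppid, user, command) from ps output; the header is skipped."""
    procs = {}
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) == 4 and fields[0].isdigit() and fields[1].isdigit():
            procs[int(fields[0])] = (int(fields[1]), fields[2], fields[3].strip())
    return procs

def root_under_web_server(procs):
    """Return pids of root-owned processes that have a web server as an ancestor.

    The master process (whose parent is init) is not flagged: it normally
    starts as root to bind port 80 and hands requests to its children.
    """
    flagged = []
    for pid, (ppid, user, _comm) in procs.items():
        if user not in ("root", "0"):
            continue
        seen = set()  # guards against a malformed parent loop
        while ppid in procs and ppid not in seen:
            seen.add(ppid)
            parent_ppid, _user, parent_comm = procs[ppid]
            if parent_comm in WEB_SERVERS:
                flagged.append(pid)
                break
            ppid = parent_ppid
    return sorted(flagged)

if __name__ == "__main__":
    print("sample:", root_under_web_server(parse_ps(SAMPLE_PS)))
    live = subprocess.run(["ps", "-eo", "pid,ppid,user,comm"],
                          capture_output=True, text=True).stdout
    print("this host:", root_under_web_server(parse_ps(live)))
```

In the sample, the `httpd` tree with workers owned by `apache` produces no findings, while the `apache2` tree reports both root-owned workers and the shell spawned beneath one of them.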