On 21/10/10 18:45, Paul Sutton wrote:

> Is there, if there is I don't know how to get root other than by logging
> in or using su sudo etc

The typical method is to get shell access as the owner of the Apache process, which can be done if you can write "PHP" files, or via any of a host of problems with third-party web application code.

On well-secured systems a shell owned by the Apache user gives you fairly limited access; typically you can mess up the dynamic website (or sites).

One then checks the kernel version, downloads someone else's exploit code, runs it, and the "#" prompt appears. Now they can install kernel modules that hide all the nasty code they want to run from the system admin. I've seen boxes like this: they change "ps" so you can't see the bad processes running, they change "lsmod" so you can't see the bad kernel module installed, etc. Like a virus-infested Windows box, the only meaningful option at that point is to reinstall from trusted media.

The exploit code varies, but a number of similar types of exploit crop up again and again: weaknesses in setuid executables (the current exploit is a generic form of this), kernel bugs (often race conditions), and exploiting symlinks to cause processes to inadvertently overwrite files.

The issue is not what you know, but what the bad guys know, versus the holes that are left. Having seen how the bad guys work, I'm definitely in the pro-active patching school. I don't want to leave code with known weaknesses on my system (especially things like setuid executables), because I know it will be used (if it can be) to escalate privileges if and when the machine is compromised.

GNU/Linux may be more secure than many common MS Windows operating systems, but the typical configurations most people run are not especially secure. The main reason, I think, is that the security expertise to make boxes more secure is not widespread (I have a lot of system admin experience, but limited knowledge of SELinux, for example), and that there is a long legacy of very bad practices (see Theo de Raadt on the X architecture) which are not trivial to fix.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
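Two defender-side checks that follow from the post above, as an added example that is not part of the original message or of any DCLUG project: first, cross-checking the PIDs visible under /proc against what a (possibly replaced) `ps` reports, which is the symptom described for boxes whose "ps" has been changed; second, diffing the inventory of setuid/setgid executables against a trusted baseline, since the poster singles out setuid binaries as the code they least want left lying around. The sample /proc listing, `ps` output, and baseline paths below are constructed for the example; the paths and PIDs are not from any real host. The live helpers at the bottom read the local /proc and filesystem and are only meaningful on a Linux box.

```python
"""Added example: detect processes hidden from `ps` and drift in the set of
setuid/setgid executables. All sample data is constructed for illustration."""
import os
import stat
from typing import Dict, Iterable, List, Set


def pids_from_proc_listing(entries: Iterable[str]) -> Set[int]:
    """Numeric directory names under /proc are process IDs; 'self', 'cpuinfo' etc. are not."""
    return {int(name) for name in entries if name.isdigit()}


def pids_from_ps_output(ps_text: str) -> Set[int]:
    """Parse the PID column from `ps -eo pid,comm`-style output (first field, header skipped)."""
    pids = set()
    for line in ps_text.splitlines()[1:]:
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids


def hidden_pids(proc_pids: Set[int], ps_pids: Set[int]) -> List[int]:
    """PIDs present in /proc but missing from ps: consistent with a trojaned ps
    or a kernel module filtering the process list."""
    return sorted(proc_pids - ps_pids)


def is_setuid_or_setgid(mode: int) -> bool:
    """True if the st_mode carries the setuid or setgid bit."""
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))


def setuid_diff(baseline: Set[str], current: Set[str]) -> Dict[str, List[str]]:
    """Paths that gained or lost setuid/setgid relative to a trusted baseline."""
    return {"added": sorted(current - baseline), "removed": sorted(baseline - current)}


# --- constructed sample data (not from a real system) -----------------------
SAMPLE_PROC_ENTRIES = ["1", "2", "4242", "4243", "self", "cpuinfo", "meminfo"]
SAMPLE_PS_OUTPUT = """  PID COMMAND
    1 init
    2 kthreadd
 4242 apache2
"""
SAMPLE_BASELINE = {"/usr/bin/passwd", "/usr/bin/sudo", "/bin/su"}
SAMPLE_CURRENT = {"/usr/bin/passwd", "/usr/bin/sudo", "/bin/su", "/tmp/.x/helper"}


def demo_hidden() -> List[int]:
    """Run the process cross-check over the constructed sample."""
    return hidden_pids(pids_from_proc_listing(SAMPLE_PROC_ENTRIES),
                       pids_from_ps_output(SAMPLE_PS_OUTPUT))


def demo_setuid() -> Dict[str, List[str]]:
    """Run the setuid inventory diff over the constructed sample."""
    return setuid_diff(SAMPLE_BASELINE, SAMPLE_CURRENT)


# --- live helpers (Linux only; hypothetical usage, not asserted by tests) ----
def live_hidden_pids(ps_text: str) -> List[int]:
    """Compare the real /proc with supplied ps output. A process that exited
    between the two snapshots is a false positive, so re-confirm that each
    candidate PID still exists before reporting it."""
    candidates = hidden_pids(pids_from_proc_listing(os.listdir("/proc")),
                             pids_from_ps_output(ps_text))
    return [pid for pid in candidates if os.path.exists("/proc/%d" % pid)]


def scan_setuid(roots: Iterable[str] = ("/usr/bin", "/usr/sbin", "/bin", "/sbin")) -> Set[str]:
    """Walk the given directories and collect regular files with setuid/setgid set."""
    found = set()
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if stat.S_ISREG(st.st_mode) and is_setuid_or_setgid(st.st_mode):
                    found.add(path)
    return found


if __name__ == "__main__":
    print("hidden PIDs (sample):", demo_hidden())
    print("setuid drift (sample):", demo_setuid())
```

On a real host the `ps` text would come from running `ps -eo pid,comm` and the baseline from a `scan_setuid()` run taken at install time and stored off-box; a trojaned `ps` or a hiding kernel module cannot be trusted to report on itself, which is why the comparison is against /proc and an externally kept baseline rather than against the tool's own output.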