now: can *nixes be rootkitted was: Re: [SLUG] Sony rootkit

From: Mike Branda (mike@wackyworld.tv)
Date: Wed Nov 16 2005 - 11:23:57 EST


On Wed, 2005-11-16 at 09:12 -0500, SOTL wrote:

> The real issue to me is that given a network say mill net that some
> unsuspecting person could plop a music CD into a box be it MS Windows, Linux,
> or BSD [recall Apple is BSD] and by that simple process install root kits on

> Frank

Frank,

You're getting the BSD and Linux thing wrong. Note in the discussion of
the Mac that the user is prompted for a superuser password with a pop up
window. Here's where the issue lies on a *nix system. You have to give
it privileged access to do anything of significance. Most of the
services, binaries and other files that could cause major harm (outside
of memory buffer exploits or whatever) are not accessible as the average
Joe login.

Remember that all those programs like IE and such run as the "privileged
user" on Windows. Everybody is an administrator by default unless you
explicitly downgrade them. Doing that usually causes a user to not be
able to use common third-party software because the program is written
in a way that needs admin privs. Catch 22.

Most of the *nix rootkits replace binaries and other things owned by
root and the only way to do that is for a user to give a root password,
or to discover an exploit that gains root access. In my experience with
Linux so far, because of the many eyes on the source code, exploits are
most often found and fixed/patched before they are even known by others
as exploits.

Now, if somebody's dumb enough to run a program on a *nix box and
actually type in the root password without knowing what they were
installing, well... that's their own ignorance. Unfortunately, I'm sure
this will happen. Just as the Mac user will lightheartedly type their
password in that little window.

Mike Branda Jr.
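The post above argues that a *nix rootkit has to replace files only root can write, which is also what makes such a replacement detectable. The script below is an added example written for this archive page, not code from the thread or from any of the systems it mentions: it records a SHA-256 hash of every file under a directory while the system is known good, flags files whose permissions or ownership would let an unprivileged user overwrite them, and later reports anything that changed. The directories, owner and file names it uses are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal integrity baseline for
# root-owned binaries. A rootkit that swaps /usr/bin/ps for its own copy has
# to change the file's contents; hashing the tree once and re-checking later
# exposes that. The directory, owner and file names here are assumptions.

# Hash one file with SHA-256 using whichever tool is present.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Emit "<sha256> <path>" for every regular file under $1, sorted by path so
# two runs over the same tree are directly comparable with diff.
baseline_dir() {
    find "$1" -type f | LC_ALL=C sort | while read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "$f"
    done
}

# List regular files under $1 whose permissions or ownership would let a
# non-root user replace them: writable by group or other, or not owned by $2
# (default root). Empty output means every file is protected as expected.
weak_perms() {
    owner=${2:-root}
    find "$1" -type f \( -perm -002 -o -perm -020 -o ! -user "$owner" \)
}

# Re-hash the tree under $1 and compare with the saved baseline $2. Prints
# each differing line (< baseline, > current) and returns 1 on any
# difference, 0 when the tree is unchanged.
verify_baseline() {
    current=$(mktemp)
    baseline_dir "$1" > "$current"
    if diff "$2" "$current" >/dev/null; then
        rm -f "$current"
        return 0
    fi
    diff "$2" "$current" | grep '^[<>]'
    rm -f "$current"
    return 1
}

# Usage (assumed paths): take the baseline while the system is known good and
# keep it where a later intruder cannot rewrite it, e.g. read-only media.
#   baseline_dir /usr/bin > /mnt/ro/usr-bin.baseline
#   weak_perms /usr/bin
#   verify_baseline /usr/bin /mnt/ro/usr-bin.baseline
```

This is the same idea behind file-integrity tools such as Tripwire and AIDE, in a few dozen lines. Its limit is the one the post itself hints at with "memory buffer exploits or whatever": it only sees files on disk, so a kernel-level rootkit that lies to `find` and the hash tool about what is on disk, or a baseline stored where root can rewrite it, defeats the check. That is why the baseline belongs on media the running system cannot modify.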

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:10:09 EDT