Well, the question asked would be nice: "Thus it has some method of getting root privileges."
The response: "Inexperienced sysadmins."
The quote showing that was the case: "Daniel Kirsten wrote: 'Yesterday, I examined the directory ~daikanyama/.undernet and probably I executed mech as root. The file mech is indeed infected by Linux/Rst-B. This explains everything.......'"
So the "method of getting root privileges" is "regular users of their own machines" running random executables (like the ones downloaded by a script kiddie) as root.
I'm interested in hearing how you would like to close this vulnerability.
-- William Hooper
I should probably keep quiet, but I don't really mind looking like a fool.
I'm an "inexperienced sysadmin" for my Linux boxes, and I have destroyed a few by doing stupid things, like running an untested script (that I wrote) as root that deleted all the files in /etc.
What I'd really like is for system files to be mounted read only. Maybe by having a hardware switch that makes the system disk read only. Booting from a DVD that contained everything except /var, /tmp, and /home would be another alternative. This of course requires that everyone cleans up their code to only update files in /var, instead of writing in /etc.
I'm sure some smart people have already worked out the details for a system like this. Anyone aware of this kind of work? I'd be interested in seeing it.
Thanks,
John Wendel
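
The layout described in the message above (system files read-only, with only /var, /tmp and /home writable) can be checked against a mount table. This is an added example, not part of either post: the `SYSTEM_RO` path list, the function names and the sample table are assumptions constructed for illustration.

```python
SYSTEM_RO = ("/", "/etc", "/usr")      # assumed: paths that should be read-only
WRITABLE = ("/var", "/tmp", "/home")   # the writable areas named in the post

# Constructed sample in /proc/mounts format: DVD root, but /etc overlaid read-write.
SAMPLE = """\
/dev/sr0 / iso9660 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /var ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid 0 0
overlay /etc overlay rw,relatime 0 0
"""

def parse_mounts(text):
    """Parse /proc/mounts-style lines into {mountpoint: set(options)}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint = fields[1].replace("\\040", " ")   # spaces are escaped as \040
        table[mountpoint] = set(fields[3].split(","))  # a later mount shadows an earlier one
    return table

def governing_mount(path, table):
    """Return the longest mountpoint containing path, or None."""
    best = None
    for mp in table:
        inside = path == mp or mp == "/" or path.startswith(mp.rstrip("/") + "/")
        if inside and (best is None or len(mp) > len(best)):
            best = mp
    return best

def audit(text):
    """Return (path, mountpoint, actual, expected) for every path that deviates."""
    table = parse_mounts(text)
    findings = []
    for expected, paths in (("ro", SYSTEM_RO), ("rw", WRITABLE)):
        for path in paths:
            mp = governing_mount(path, table)
            actual = "missing" if mp is None else ("ro" if "ro" in table[mp] else "rw")
            if actual != expected:
                findings.append((path, mp, actual, expected))
    return findings

if __name__ == "__main__":
    for path, mp, actual, expected in audit(SAMPLE):
        print(f"{path}: governed by {mp}, mounted {actual}, expected {expected}")
```

To audit a live system, pass the contents of `/proc/mounts` to `audit()` instead of `SAMPLE`. A read-only mount flag can be changed by root with a remount, unlike the hardware switch or DVD boot the message mentions.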