>William Hooper wrote:
>>
>> Well, the question asked would be nice:
>> "Thus it has some method of getting root privileges."
>>
>> The response:
>> "Inexperienced sysadmins."
>>
>> The quote showing that was the case:
>> "Daniel Kirsten wrote:
>> 'Yesterday, I examined the directory ~daikanyama/.undernet and probably I
>> executed mech as root. The file mech is indeed infected by Linux/Rst-B.
>> This explains everything.......'
>>
>> So the "method of getting root privileges" is "regular users of their own
>> machines" running random executables (like the ones downloaded by a script
>> kiddie) as root.
>>
>> I'm interested in hearing how you would like to close this vulnerability.
>>
>> --
>> William Hooper
>>
>
>I should probably keep quiet, but I don't really mind looking like a fool.
>
>I'm an "inexperienced sysadmin" for my Linux boxes, and I have
>destroyed a few by doing stupid things, like running an untested
>script (that I wrote) as root that deleted all the files in /etc.
>
>What I'd really like is for system files to be mounted read only.
>Maybe by having a hardware switch that makes the system disk read
>only. Booting from a DVD that contained everything except /var, /tmp,
>and /home would be another alternative. This of course requires that
>everyone cleans up their code to only update files in /var, instead of
>writing in /etc.
>
>I'm sure some smart people have already worked out the details for a
>system like this. Anyone aware of this kind of work? I'd be interested
>in seeing it.

See http://www.knoppix.org

Cheers,
Terry.

>
>Thanks,
>
>John Wendel
>
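Added example, not written by any poster in this thread: one way to check whether a Linux box matches the layout John Wendel describes (system trees read-only, only /var, /tmp and /home writable) by reading text in /proc/mounts format. The SYSTEM list, the function names and the sample mount table are assumptions constructed for illustration.

```python
import re

SYSTEM = ("/", "/etc", "/usr", "/boot")   # trees the post wants read-only
WRITABLE = ("/var", "/tmp", "/home")      # trees the post leaves writable

def parse_mounts(text):
    """Parse /proc/mounts-format text into ordered (mountpoint, options) pairs."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
        mountpoint = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((mountpoint, set(fields[3].split(","))))
    return mounts

def governing_mount(path, mounts):
    """Return the mount backing path: longest mountpoint prefix, latest entry on ties."""
    best = None
    for mountpoint, opts in mounts:
        under = (path + "/").startswith(mountpoint.rstrip("/") + "/")
        if under and (best is None or len(mountpoint) >= len(best[0])):
            best = (mountpoint, opts)
    return best

def audit(text, system=SYSTEM, writable=WRITABLE):
    """List paths whose mount state departs from the read-only-system layout."""
    mounts = parse_mounts(text)
    findings = []
    for path in system + writable:
        found = governing_mount(path, mounts)
        if found is None:
            findings.append((path, "no mount found"))
        elif path in system and "ro" not in found[1]:
            findings.append((path, "system path writable via " + found[0]))
        elif path in writable and "ro" in found[1]:
            findings.append((path, "data path read-only via " + found[0]))
    return findings

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE = """\
/dev/sr0 / iso9660 ro,relatime 0 0
/dev/sda1 /boot ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /var ext3 rw,relatime 0 0
"""

if __name__ == "__main__":
    for path, problem in audit(SAMPLE):
        print(path, "->", problem)
```

On a live system, pass the contents of /proc/mounts to `audit()` in place of the sample.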