[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

John johnpollock at bellsouth.net
Thu May 19 20:31:41 EDT 2005


Hi all,

I am recently a new member of ale, been following intently the many 
posts on this thread.
It's intriguing to say the least and has raised many good points and 
discussions.

Personally IMHO, personal attacks shouldn't be tolerated. Life is too 
short to have grudges, and y'all raise many good points
worthy of everyone's reading and finding the little "truths".

Point of interest, when I had used Mandrake Linux, I used to offer free 
shell accounts.
I have since stopped that practice, after watching one user "own" my box 
in a matter of minutes.

What was of interest was his way of hiding his files. In a dir that 
couldn't be seen using "ls -al"
He had switched all binaries for running commands like "top" "ls" "w" etc...

Mind you, that this is a box I had been active on keeping updated with 
patches, and implementing security features.

If I had not been on line and out of curiosity _proactively_ been 
monitoring this user, undoubtedly, he was up to no good he could/would 
have wreaked a bit of havoc. Glad I was watching and immediately disabled 
his account - disconnected from the Internet and proceeded to check 
.bash_history before he had time to alter/delete his commands. Which 
otherwise I wouldn't have been able to find his hidden dir and the many 
programs he had..

In my haste to get my box on line - I wished I had saved his many 
programs for further analysis.
But reformatted and reinstalled.

_Long story short_: 

Personally, I feel it's safer to run programs as a regular user. But 
there are a few ppl, that regardless NO matter what you do, have the 
skill sets, and tools to eventually "own" your box.

But best policy is to run securely as possible, it can buy you time and 
possible troubles down the road.
Anyhow, my two humble cents.. and looking forward to gaining insights 
from these posts..
Kudos!

John Pollock
A Linux Enthusiast

Jim Popovitch wrote:

>On Thu, 2005-05-19 at 18:36 -0400, Michael B. Trausch wrote:
>
>>Until then, I conclude that you're a fucking moron
>
>Michael, that is totally and completely out of line.
>
>-Jim P.