On Thu, 20 Jul 2000 10:38:08 -0700 (PDT) you sent this message:
>> > Here is the rouge program that can be slipped into CRON.
>> > A perl script......you name the access point and it gets permission
>> > KISS your DATA GONE!
>> >
>>
>> it needs root right? so with this util root can trash the disk.. so what's
>> new?
>
>All you have to do is trick the kernel into thinking the access is root.
Perhaps I'm misunderstanding, but if someone can trick the kernel into
thinking you're root, you can do a lot of things worse than trashing a
single partition... like, installing a backdoor, gaining console access,
etc. An attack that requires root access is not serious. One that can attack
without root access is. If you've lost root security, you're fubar in every
way already so worrying about what someone can do while root is pointless.
Myrddin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:14 EST