[huskerlug] Re: CERT Advisory

> I know that cracking WinXX boxes is no trick at all  - 7th graders
> have done it using scripts.  But, do you think a "script-kiddy" has
> enough knowledge and ability to crack into a Linux distro, even with
> 'linux scripts'?

That's the thing with "script kiddies", most of them don't have a lot of 
knowledge.  If someone writes an exploit for xyz os, anyone can run it.  It 
takes very little if any knowledge to execute the exploit.  This is true 
whether it's an attack against windoze, linux, openbsd, etc.

One thing to note about the GNU compromise was that they offered shell access 
to many.  It is a lot more difficult to secure a system from local attack 
than remote attacks.  Typically, kernel bugs tend to only be exploitable 
locally.  In this case, it was the ptrace bug that led to the compromise.

Unfortunately, almost all OSes have proved to be quite "breakable" once an 
intruder achieves local access.  That is why it's important to limit access 
to setuid/setgid root programs.  Better yet, reduce the need for them 
altogether by using the built-in file system protections provided by *nix.  
OpenBSD is doing a good job of this right now, and Owl GNU/*/Linux has a 
shadow password implementation that requires no setuid root binaries to allow 
users to change their passwords, finger info, etc.  

There are a lot of other precautions that can be taken as I'm sure most of you 
know (e.g. device permissions, /proc restrictions, remove lkm support, file 
system restrictions, disable ptrace & rawio globally, statically compile 
privileged binaries, HIDS, etc).  After all that is done, there are several 
kernel hardening patches that can be considered.

-- 
Steve Bremer
RHCE,CCNA
--
Real Men don't make backups. They upload it via ftp and let the world 
mirror it. -- Linus Torvalds
--
GnuPG Key fingerprint = 7F06 4D73 7963 BE96 5189  953A E285 CB2C BA03 2746
Available on key servers.
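The post's first precaution is limiting setuid/setgid root programs. As an added example (not part of the original message or the list), here is a small audit that inventories the set-id files under a tree and counts the root-owned ones, so the exposure can be compared against a known-good baseline after each package update. It assumes GNU find (the `-printf` action).

```shell
#!/bin/sh
# Added example, not from the original post. Inventory the setuid/setgid
# files under a directory tree: these are the binaries a local attacker
# with shell access can lean on, so the list should be short and known.
# Assumes GNU find for -printf.

# find_setid DIR: print "mode owner path" for every regular file under DIR
# that has the setuid (4000) or setgid (2000) bit set, sorted for diffing
# against a saved baseline. -xdev keeps the scan on one filesystem.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u %p\n' 2>/dev/null | sort
}

# count_root_setid DIR: how many of those set-id files are owned by root,
# i.e. grant root privilege rather than some less sensitive uid/gid.
count_root_setid() {
    find_setid "$1" | awk '$2 == "root" { n++ } END { print n + 0 }'
}

# Typical audit on a live host (output is host-specific):
#   find_setid / > setid.today && diff setid.baseline setid.today
#   count_root_setid /usr
```

Save the first run's output as a baseline; any new entry in a later diff is a change to the local privilege-escalation surface that should be explained by a deliberate install.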

----
Husker Linux Users Group mailing list