On Monday 03 June 2002 01:38 am, James wrote:
> I've been watching how this thread progressed. I've noticed two pieces
> of FUD that keep appearing.
>
> 1. The assumption that a virus writer wouldn't know that he/she needs to
> be root to do real damage and that he/she won't do just that. Don't
> give yourself a sense of false security here. All they need to do is
> have a line appended to Passwd and shadow (yes even MD5 is vulnerable
> here, all it takes is some math.) and they have a new user that has UID
> 0 and they don't even need to be root. Remember they are in your box.
> Harden it all you want to the outside. Your vulnerability is when they
> are inside. (Oh and we did this recently to a Linux box that the user [...]

Well? Pray tell, how does one go about appending a new user to Passwd with UID 0? Altering Passwd should itself require root privileges - I cannot even get into single user mode to do damage without my root passwd. I haven't had to do it for a long time, but I believe this is also true when booting up with a CD and doing "rescue". Nonetheless, I would love to know how one could do as you describe. Fill us in please.

praedor
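
Added example, not part of the original message or thread: a small audit for the two conditions the exchange turns on, namely whether the passwd file is writable by anyone other than its owner, and whether it contains a UID 0 entry other than root. The sample file contents, the account names `alice` and `toor`, and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format; "toor" is a made-up second UID 0 entry.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:501:501::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
broken-line-without-fields
"""

def uid0_accounts(passwd_text):
    """Return login names whose UID field (third of seven) is 0."""
    names = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry, not a usable account line
        uid = fields[2].strip()
        if uid.isdigit() and int(uid) == 0:  # also catches "00"
            names.append(fields[0])
    return names

def unexpected_uid0(passwd_text, allowed=("root",)):
    """UID 0 accounts that are not on the allow list."""
    return [n for n in uid0_accounts(passwd_text) if n not in allowed]

def writable_by_non_owner(mode):
    """True if group or other has write permission in this st_mode."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(path="/etc/passwd"):
    """Check one file: owner, non-owner write bits, extra UID 0 entries."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return {
        "owner_uid": st.st_uid,  # expected to be 0 (root)
        "non_owner_writable": writable_by_non_owner(st.st_mode),
        "unexpected_uid0": unexpected_uid0(text),
    }

if __name__ == "__main__":
    print(unexpected_uid0(SAMPLE_PASSWD))
    if os.path.exists("/etc/passwd"):
        print(audit())
```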