On Thursday 28 July 2005 11:24 am, Moritz Grimm wrote:
> Dave Feustel wrote:
> >>And
> >>there are also still numerous ways of breaking OpenBSD in spite of sane
> >>defaults and exploit mitigation techniques in place.
> >
> > Is there any way I can tell whether my system has been broken as you
> > describe?
>
> This really depends ... I can't tell specifics. I mentioned this because
> of this anecdote: A pal once had to deal with a probably-owned OpenBSD
> box, because his clueless co-admin installed an outdated, vulnerable
> MySQL server by hand (not related to ports/packages at all), and likely
> configured it in a bad way, too. Some script kiddie managed to exploit
> whatever was going on there. He found out quickly because of an
> /etc/shadow file and maybe some other signs, IIRC ... I suspect that the
> cluelessness/idiocy of the s'kiddie, or simply the nature of the attack,
> resulted in no further damage; however, he reinstalled the box anyways
> and bitchslapped the co-admin.
>
> I'd like to be more specific, but no forensic analysis of the attack
> was done, and it's been a while, too. I think it was an
> OBSD 3.4 installation.
>
> My point is mostly that, if you try really hard, you can make an OpenBSD
> box insecure. OpenBSD can also not help you when you run an
> OpenBSD-aware trojan as root, for example.
>
> Moritz
>
Thanks. I have installed several software packages not in the ports/packages
and I realize that running "sudo make install" is not safe. Sometimes I just
run the software under my non-root login without installing.