Aaron Kulkis wrote:
> James Knott wrote:
>> David Bolt wrote:
>>> On Mon, 21 Jan 2008, James Knott wrote:-
>>>
>>> <snip>
>>>
>>>> Anti-virus software is generally not necessary with Linux, unless it's
>>>> being used as a mail or file server in a Windows network.  AFAIK,
>>>> there's never been a viable Linux virus.
>>>
>>> That depends on whether you include worms and trojans under the
>>> definition of a virus. If so, there have been Linux viruses in the
>>> wild.
>>> I still have a copy of a loader script and the IRC bot[0] that was
>>> installed by it, grabbed from an infected server just over 2 years
>>> ago[1].
>>>
>>> IIRC, the method of infection for that particular worm was to insert
>>> shell commands[2] into a URL passed to a web server running an
>>> exploitable version of PHP. The commands were executed by a root shell
>>> and were used to download the loader script, set its mode to 744 and
>>> then execute that. The script in question downloaded 2 files, one was
>>> the IRC bot, the other was used to search out and try to infect other
>>> web servers.
>>
>> Assuming you're running as a mere mortal and not root, how does it
>> start a root shell?
>
> If the web admin didn't make sure to set up a user account for the
> web server, then it's most likely running as root, and so all
> child processes would also be root.
>
>>
>>

The way I read the note, a "downloader script" was downloaded from the
server and then run in a root shell to set the permissions etc.  How did
that root shell get started?  If it's on the server, it shouldn't be
able to do something as root on the local computer.  Anyone running a
browser as root deserves what they get.



-- 
Use OpenOffice.org <http://www.openoffice.org>
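
Added example, not part of the original thread: a heuristic check for the condition discussed above, where the web server's request-handling processes (and therefore anything they spawn) run as root. The process-name list and the `ps` listing are constructed for illustration.

```python
# Heuristic: flag root-owned processes that descend from a web server process.
# A master that starts as root to bind port 80 and then runs its workers as an
# unprivileged user is not flagged; root-owned workers and their children are.
WEB_SERVERS = {"httpd", "apache2", "nginx", "lighttpd"}  # assumed name list

# Constructed sample of `ps -eo pid,ppid,user,comm` output.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND
    1     0 root     init
  800     1 root     apache2
  801   800 www-data apache2
  802   800 www-data apache2
  900     1 root     httpd
  901   900 root     httpd
  902   901 root     sh
  903   902 root     wget
"""

def parse_ps(text):
    """Parse the four-column ps listing into {pid: {ppid, user, comm}}."""
    procs = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue
        pid, ppid, user, comm = fields
        procs[int(pid)] = {"ppid": int(ppid), "user": user, "comm": comm.strip()}
    return procs

def web_ancestor(procs, pid):
    """Return the pid of the nearest web-server ancestor, or None."""
    seen = set()
    cur = procs[pid]["ppid"]
    while cur in procs and cur not in seen:     # stop at the top or on a cycle
        seen.add(cur)
        if procs[cur]["comm"] in WEB_SERVERS:
            return cur
        cur = procs[cur]["ppid"]
    return None

def root_descendants_of_web_server(procs):
    """List (pid, comm) for root-owned processes below a web server."""
    return [(pid, p["comm"]) for pid, p in sorted(procs.items())
            if p["user"] == "root" and web_ancestor(procs, pid) is not None]

if __name__ == "__main__":
    for pid, comm in root_descendants_of_web_server(parse_ps(SAMPLE_PS)):
        print(f"root-owned process under web server: pid={pid} comm={comm}")
```

Root-owned helpers that a master starts on purpose (piped log rotators, for instance) will also show up, so treat the output as a list to review rather than a verdict.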