
Re: [linux-security] Re: Re: Re: Bind Overrun Bug and Linux (fwd)



Shaun (shaun lexicom ab ca) wrote:
>  For example, LRK config defaults:
> 	/dev/ttyp*
> These files are quite noticeable, as *no* files in /dev/ should be of type
> f (regular file) except MAKEDEV.  They should be of only type: c/b/s.  A
> simple 'find /dev -type f' will report all of the regular file types.

On the other hand, don't presume that your attacker is totally inept
and will therefore stay with the LRK defaults; I have seen a case
where the config files were changed to /usr/lib/lib[pqrs].o for
example.

I'm sure that even lame r00tsh3l1 crackers are capable of thinking of
decent hiding places :-)
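
Added example, not part of the original message or of either poster's tooling: the quoted `find /dev -type f` check alongside a content-based check for the relocated case, where a config file is renamed to look like an object file. The function names are hypothetical, and the ELF-magic test assumes genuine `.o` files on the system are ELF.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Regular files under a /dev-style tree, excluding MAKEDEV, which the
# quoted message names as the one legitimate regular file there.
dev_regular_files() {
    find "$1" -type f ! -name MAKEDEV -print | sort
}

# Files named *.o whose first four bytes are not the ELF magic
# (0x7f 'E' 'L' 'F'). Assumption: real object files here are ELF, so a
# text config file renamed to lib?.o fails this test whatever its path.
fake_object_files() {
    find "$1" -type f -name '*.o' -print | sort | while IFS= read -r f; do
        magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
        [ "$magic" = "7f454c46" ] || printf '%s\n' "$f"
    done
}

# Usage: sh thisfile /usr/lib
# Scans /dev by type and the given directory by content.
if [ -n "${1:-}" ]; then
    echo "Regular files in /dev (other than MAKEDEV):"
    dev_regular_files /dev
    echo "*.o files under $1 that are not ELF:"
    fake_object_files "$1"
fi
```

A clean result from either check only rules out these two hiding styles; the content check keys on the file's bytes, so it does not depend on the attacker keeping any particular name.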


