From kde-devel  Tue Dec 27 17:28:28 2005
From: Guillaume Laurent <glaurent () telegraph-road ! org>
Date: Tue, 27 Dec 2005 17:28:28 +0000
To: kde-devel
Subject: Re: One Way to Increase KDE security
Message-Id: <200512271828.28621.glaurent () telegraph-road ! org>
X-MARC-Message: https://marc.info/?l=kde-devel&m=113570456823298

On Tuesday 27 December 2005 17:57, Dave Feustel wrote:
> One of the big clues that I have an intruder in my system was that the
> permissions I was applying to those devices kept getting changed again
> after I set restricted permissions.

Is that the only indication you have about this ? On mandrake you have 
security scripts which are run daily or even hourly and reset permissions on 
most "sensitive" files, are you sure you're not seeing the same kind of 
stuff ? I'd check your system logs first.

For what it's worth, I've had a linux machine rooted once (with the 
'tornkit'). Believe me when I tell you that this kind of thing goes to a very 
great length to hide itself. In short, you will *not* detect them simply by 
seeing some permission changes. So I find it very unlikely that some cracker  
would be cunning enough to crack an openBSD machine only to let himself be 
detected so easily.

-- 
Guillaume.
http://www.telegraph-road.org
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<