[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: One Way to Increase KDE security
From:       Dave Feustel <dfeustel () mindspring ! com>
Date:       2005-12-27 19:06:50
Message-ID: 200512271406.51295.dfeustel () mindspring ! com
[Download RAW message or body]

On Tuesday 27 December 2005 12:28, Guillaume Laurent wrote:
> On Tuesday 27 December 2005 17:57, Dave Feustel wrote:
> > One of the big clues that I have an intruder in my system was that the
> > permissions I was applying to those devices kept getting changed again
> > after I set restricted permissions.
> 
> Is that the only indication you have about this? On mandrake you have 
> security scripts which are run daily or even hourly and reset permissions on 
> most "sensitive" files, are you sure you're not seeing the same kind of 
> stuff ? I'd check your system logs first.

I'm pretty sure that this is not happening in my case. Good question, though.
 
> For what it's worth, I've had a linux machine rooted once (with the 
> 'tornkit'). Believe me when I tell you that this kind of thing goes to a very 
> great length to hide itself. In short, you will *not* detect them simply by 
> seeing some permission changes. So I find it very unlikely that some cracker  
> would be cunning enough to crack an openBSD machine only to let himself be 
> detected so easily.

I had the feeling that I was being toyed with and that I was *supposed* to notice
the changes. I consider it quite possible that my system is rooted and the rooter is
concealing well the fact that he actually has root access. On the other hand, this
is OpenBSD, not Linux, so maybe the intruder only has access to my computer
via Xorg to an Xsession. It's an open question right now.

 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]