List:       security-basics
Subject:    Re: commercial servers
From:       J C Lawrence <claw () kanga ! nu>
Date:       2001-05-30 3:35:55

On Tue, 29 May 2001 09:31:55 -0700 
Leonard Leblanc <lleblanc@emergeknowledge.com> wrote:

> Hi, I would probably say yes.  But of course it depends on the
> setup they have and if the person obtains root access through the
> buffer overflow.  Once someone has root on the box, anything
> goes. (Correct me if I'm wrong on this one guys, I'm sorta new to
> this security thing)

As a general truth:

  Given a system which has had an unprivileged user compromise, it
  can be difficult to conclusively demonstrate that no privileged
  account has not also been compromised and merely covered over,
  leaving the unprivileged account compromise "open".

Heck, it's difficult enough at the best of times getting good surety
that a system hasn't been silently compromised and covered up from
your IDS systems.  Getting even reasonable confidence when some
potentially malicious unprivileged user has had free rein on the
system is another order of magnitude.

Often it's not worth the effort.  It's simpler, cheaper, and safer to
blow everything away and re-install.

-- 
J C Lawrence                                       claw@kanga.nu
---------(*)                          http://www.kanga.nu/~claw/
The pressure to survive and rhetoric may make strange bedfellows
