[9354] in bugtraq

Re: No Security is Bad Security:

daemon@ATHENA.MIT.EDU (der Mouse)
Fri Feb 5 01:04:35 1999

Date: 	Thu, 4 Feb 1999 13:53:28 -0500
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@NETSPACE.ORG

>> 1) Don't log in as root on a machine that most likely has been
>> compromised. Bad things can happen.
> You have to login as root to shutdown the system.  You don't want to
> 'just turn it off' since you can loose [sic] data.

How?  What does just turning it off potentially lose me?  At most, I
think, it risks a little filesystem damage.  Unfortunately shutting
down risks more, especially since if there are files open but unlinked,
I want to know what's in them!  If I take the disk offline - or,
equivalently, just power the system off - then I can use fsck -n or
iorphan to find such files and dumpi to look at them.  If I shut down
"cleanly", they will get destroyed.

Preferable to either, from an information preservation perspective, is
to forcibly crash the system, so as to get a kernel coredump.  This may
or may not be worth the effort, depending on such things as whether
anyone is available with the skill, time, and inclination to grovel
through it looking for evidence.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
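
The open-but-unlinked files discussed in the message above show up on a live system as descriptors whose inode has a link count of zero. The following is an added example, not part of the original post: it assumes a Linux `/proc` filesystem (the post's `fsck -n`, `iorphan` and `dumpi` work on the offline disk instead), and the function names are hypothetical.

```python
import os
import stat
import tempfile


def unlinked_open_files(pid="self"):
    """Return (fd, size) for regular files a process holds open with no name.

    Assumes Linux: stat() on /proc/<pid>/fd/<n> follows the link to the
    live inode, so st_nlink == 0 means "open but unlinked".
    """
    fd_dir = f"/proc/{pid}/fd"
    found = []
    for name in os.listdir(fd_dir):
        try:
            st = os.stat(os.path.join(fd_dir, name))
        except OSError:
            continue  # descriptor closed while we were scanning
        if stat.S_ISREG(st.st_mode) and st.st_nlink == 0:
            found.append((int(name), st.st_size))
    return sorted(found)


def preserve(pid, fd, dest):
    """Copy an unlinked file's contents out through /proc before it is lost."""
    with open(f"/proc/{pid}/fd/{fd}", "rb") as src, open(dest, "wb") as out:
        while chunk := src.read(65536):
            out.write(chunk)
    return os.path.getsize(dest)


def demo():
    """Constructed scenario: a file is unlinked while still held open."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "scratch.log")
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    os.write(fd, b"constructed sample data\n")
    os.unlink(path)                      # name gone, inode still allocated
    held = dict(unlinked_open_files()).get(fd)
    copy = os.path.join(workdir, "recovered.bin")
    copied = preserve("self", fd, copy)
    with open(copy, "rb") as f:
        recovered = f.read()
    os.close(fd)                         # last close: the blocks are freed
    os.remove(copy)
    os.rmdir(workdir)
    return held, copied, recovered
```

A clean shutdown closes every descriptor, which is the same last-close step that `demo()` performs explicitly.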
