[9376] in bugtraq
Re: No Security is Bad Security:
daemon@ATHENA.MIT.EDU (com-nospam@CCRAIG.ORG)
Fri Feb 5 06:38:17 1999
Date: Thu, 4 Feb 1999 15:35:56 -0500
Reply-To: com-nospam@CCRAIG.ORG
From: com-nospam@CCRAIG.ORG
X-To: "Jan B. Koum" <jkb@BEST.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: "Jan B. Koum"'s message of "Wed, 3 Feb 1999 08:33:10 -0800"
"Jan B. Koum" <jkb@BEST.COM> writes:
> > 1) Don't log in as root on a machine that most likely has been
> > compromised. Bad things can happen.
>
> You have to log in as root to shut down the system. You don't
> want to 'just turn it off' since you can lose data.
>
Know before you do this that shutting down the system rather than just
throwing the scram switch can cost you. If a system is known to be cracked
then you must assume that _everything_ on the machine is compromised.
login could be replaced with a program that mails your password somewhere.
init could be replaced with a program that does whatever. Logging in as root
to shut down puts you at risk of further damage.
--
Christopher A. Craig <com-nospam@ccraig.org>
"There is no subject, however complex, which--if studied with patience
and intelligence--will not become more complex." New Speaker's Handbook
PGP Key Verification: EE B1 F3 A0 3F BC 3C C7 81 61 F1 91 6E 99 13 65
http://www.ccraig.org