Bugtraq mailing list archives

Re: No Security is Bad Security:

From: com-nospam () CCRAIG ORG (com-nospam () CCRAIG ORG)
Date: Thu, 4 Feb 1999 15:35:56 -0500


"Jan B. Koum" <jkb () BEST COM> writes:

1) Don't log in as root on a machine that most likely has been
compromised. Bsd things can happen.


        You have to login as root to shutdown the system. You don't
        want to 'just turn it off' since you can loose data.


Know before you do this that shutting down the system rather than just
throwing the scram switch can cost you.  If a system is known to be cracked
then you must assume that _everything_ on the machine is compromised.
login could be replaced with a program that mails your password somewhere.
init could be replaced with a program that does whatever.  Logging in as root
to shutdown puts you at risk of further damage.

--
Christopher A. Craig <com-nospam () ccraig org>
"There is no subject, however complex, which--if studied with patience
and intelligence--will not become more complex." New Speaker's Handbook
PGP Key Verification: EE B1 F3 A0 3F BC 3C C7 81 61 F1 91 6E 99 13 65
http://www.ccraig.org

Current thread:

No Security is Bad Security: John \ (Feb 02)
- More oshare testing. C.J. Oster (Feb 02)
  - Re: More oshare testing. Jeff Roberson (Feb 03)
    - Re: No Security is Bad Security: com-nospam () CCRAIG ORG (Feb 04)
    - Re: More oshare testing. Alan Cox (Feb 04)
    - Re: More oshare testing. Cristiano Lincoln Mattos (Feb 05)
  - Re: More oshare testing. Dariusz Zmokly (Feb 04)
- Re: No Security is Bad Security: Kevin Day (Feb 02)
  - Re: No Security is Bad Security: Jan B. Koum (Feb 03)
    - Re: No Security is Bad Security: Russell Fulton (Feb 04)
- Re: No Security is Bad Security: ecx (Feb 04)
- Update on w00w00 article (bug report) Shok (Feb 04)
- <Possible follow-ups>
- Re: No Security is Bad Security: Donald Moore (Feb 04)
- Re: No Security is Bad Security: der Mouse (Feb 04)

(Thread continues...)