Results 1 to 4 of 4
hi all, a very general question: hello, lets say i am on my user account (ie, non-root) on computer with linux. how can i get infected by a rootkit? there ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-19-2008 #1
- Join Date
- Nov 2008
how can i get infected by a rootkit
hello, lets say i am on my user account (ie, non-root) on computer with linux. how can i get infected by a rootkit? there are so many tutorials out there on rootkit detection/prevention/removal but i don't really know specifically how a computer can get infected by a rootkit.
one way i can get infected with rootkits is some exploit letting the attacker open up a shell on my computer (with root access?) and install the rootkits on my computer.
if i am not running as root, how can rootkits that target the kernel successfully attack my computer? lets say i execute some application that is a trojan horse, can my kernel be compromised?
i am wondering how can something i don't have permission to write to (eg, kernel) when i am not running as root be compromised. One way i could find out is to infect my own computer with one but i rather not go there.
- 11-19-2008 #2
in a perfect world, an intruder who has gained non-privileged shell access could not install anything running with root or kernel rights.
But any non-trivial real-world software has bugs, some of them making it possible to to slip through the security layer. For example, if there is a program that is imperfect but is installed with setuid rights by root, then every time this program does a mistake it does that mistake with root rights.
Another possible attack was to install a program that "observes" the user, for example the text he enters into the keyboard. It wouldn't need root rights to do so. The next time this observed person types in the root password, the spy gained it too.
For these reason I have a lemma: Every successful attack that resulted in a compromised user account equals a completely compromised system. Therefore the line of defense can only be placed in front of it.
- 11-19-2008 #3
- Join Date
- Nov 2008
hello! thank you for your quick reply! i didn't really know what is setuid before this.
Interesting lemma. I agree that in the non-ideal world, your lemma would be the 'best-fix'.
- 11-19-2008 #4
Your are welcome.
Btw, there is a book that features such a scenario, describing how human mistakes and convenience make such attacks possible from a server administrator's perspective. It is a recommended read and I enjoyed reading it a lot.
The Cuckoo's Egg)