From: g.thomas at nux-acid.org (Gino Thomas)
Subject: Removing ShKit Root Kit

Brian Eckman <eckman@....edu> wrote:

> Hmmm. Well, if the execute bit isn't set, then I'd assume it can be 
> considered relatively safe. If the attacker can later find a way to 
> chmod it and then execute it with the privileges needed to make it 
> harmful, then I imagine that they could find other ways of
> compromising your machine as well.
> 
> For Windows, if it's a backdoor that is named something.txt, well, 
> again, the attacker would have to find a way to rename that file and 
> execute it with appropriate permissions. Again, I imagine that if they
> can do that, that they could find other ways of compromising your 
> machine as well.

The backdoor could for example be a nasty macro trojan placed in a .doc 
that would later (most likely) be executed by a user and so do the dirty 
work without remote interaction. Nothing to rename or execute. I agree
with Paul that data from a compromised system can't be trusted anymore, 
regardless of what it is; it has to be checked for integrity or wiped (at
least in a secure environment).

regards
-gt

-- 
Gino Thomas | mailto: g.thomas@...-acid.org | http://nux-acid.org
GPG: E6EA9145 | 4578 F871 893E 1FEC 31FC 5B5E 8A46 4CC8 E6EA 9145
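The integrity check argued for in the message above, as an added example that is not part of the original thread: every regular file under a root is hashed and compared with a manifest taken from a known-good state, and a file is flagged purely on whether its content matches, so a modified .doc or a newly staged .txt with no execute bit is reported exactly like a tampered binary. The directory layout, file names and "tampering" in `demo()` are constructed for illustration.

```python
"""Manifest-based file-integrity check (added example, not from the thread).

The decision "is this file still what it was?" ignores the execute bit and
the extension: a .doc or .txt that differs from the known-good copy is
flagged like any binary. Mode bits are reported only as context.
"""
import hashlib
import stat
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root.

    Symlinks are skipped: hashing the target would let an attacker make a
    planted link look like a clean file that lives elsewhere.
    """
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Compare the live tree with a known-good manifest.

    Returns sorted lists of modified, added and missing relative paths.
    Nothing here looks at permissions or file names.
    """
    current = build_manifest(root)
    modified = sorted(p for p in current
                      if p in manifest and current[p] != manifest[p])
    added = sorted(p for p in current if p not in manifest)
    missing = sorted(p for p in manifest if p not in current)
    return {"modified": modified, "added": added, "missing": missing}


def is_executable(path: Path) -> bool:
    """Any of the user/group/other execute bits set."""
    mode = path.stat().st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def demo() -> dict:
    """Constructed scenario (hypothetical tree, not real data).

    Baseline: one executable tool, one document, one text file.
    Tampering: the document is altered and a payload is staged as a
    mode-0644 .txt; no execute bit is involved anywhere.
    """
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"#!/bin/sh\necho ok\n")
        (root / "bin" / "tool").chmod(0o755)
        (root / "docs").mkdir()
        (root / "docs" / "report.doc").write_bytes(b"clean document")
        (root / "README.txt").write_bytes(b"readme")
        baseline = build_manifest(root)

        # Simulated compromise: only non-executable files are touched.
        (root / "docs" / "report.doc").write_bytes(b"document with macro payload")
        (root / "backdoor.txt").write_bytes(b"payload staged for a later rename")
        (root / "README.txt").unlink()

        result = verify(root, baseline)
        # Context only: which flagged files carry an execute bit (none here).
        result["executable_flagged"] = [
            p for p in result["modified"] + result["added"]
            if is_executable(root / p)
        ]
        return result


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the manifest has to come from a copy that was never on the compromised host (install media, a read-only backup, or a signed package database), since a manifest stored on the same box is itself untrusted data. The example keeps the manifest in memory only to stay self-contained.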

