| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3FE75045.1090005@umn.edu> From: eckman at umn.edu (Brian Eckman) Subject: Removing ShKit Root Kit Schmehl, Paul L wrote: <snip> > This advice is common, and it's always mystified me. Why would you want > backups of the "data"? If the box is compromised, you can't trust > *anything* on it, can you? How can you know for certain that "data" > isn't a cleverly concealed backdoor? Hmmm. Well, if the execute bit isn't set, then I'd assume it can be considered relatively safe. If the attacker can later find a way to chmod it and then execute it with the privliges needed to make it harmful, then I imagine that they could find other ways of compromising your machine as well. For Windows, if it's a backdoor that is named something.txt, well, again, the attacker would have to find a way to rename that file and execute it with appropriate permissions. Again, I imagine that if they can do that, that they could find other ways of compromising your machine as well. <snip> Brian -- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota "There are 10 types of people in this world. Those who understand binary and those who don't."
Powered by blists - more mailing lists