[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
I'm relly sorry to read this... particularly as I'm planning to set up an apache server at the school where I work. I still firmly believe that what we have in apache is infinitely better than M$ stuff but, like everything, must be carefully thought out. My moto is always "what one man can can invent another can discover" And that works both ways. Best of luck with sorting it out. James > Friday was bad day for me. For the first time my confidence in Linux has > been smashed. Not only was apache compromised (possibly because it was > version 2.0.40, and couldnt be patched (easily) because of our wonderful > proxy config that requires lan man hashes for authentication ). However > what really nocked me for six was the fact that once they had > compromised apache, they installed a root kit somehow. > > I was under the false impression that because of the way linux kernel > was designed that only the user (in this case apache) running the > application could be compromised and not the whole "system". > > Certain key utilities (ls, ifconfig, pstree to name a few) and a library > file or two have clearly been altered and "hidden" to stop me erasing / > replacing them as root user. > > So my question is what makes Linux more secure that Windows ? I thought > I knew the answer up until Friday, but clearly there are ways of jumping > from "joe public" user to root privileges in linux. > > Tom. > > who is depressed because this could set back free software takeup in his > work place :-( > > -- > The Mailing List for the Devon & Cornwall LUG > Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the > message body to unsubscribe. FAQ: > www.dcglug.org.uk/linux_adm/list-faq.html > -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html