AW: Root can't delete files

From: Bass, Bernd (Bernd.Bass@eads-dsn.com)
Date: 10/10/01


Message-Id: <200110101710.TAA05026@trantor.eads-dsn.com>
From: "Bass, Bernd" <Bernd.Bass@eads-dsn.com>
To: "'focus-linux@securityfocus.com'" <focus-linux@securityfocus.com>
Subject: AW: Root can't delete files
Date: Wed, 10 Oct 2001 19:09:58 +0200

Hi,

Maybe the intruder used the "chattr" application.
With this application you can protect your files and directories...

See the man page.

Bernd

Kind regards

Bernd Bass

AEG Mobile Communication
Wilhelm-Runge-Str. 11, D-89081 Ulm
Web: www.amc.de
e-mail: Bernd.Bass@eads-dsn.com

-----Original Message-----
From: Thanas [mailto:thanas@infinito.it]
Sent: Wednesday, 10 October 2001 12:03
To: Focus Linux
Subject: Root can't delete files

Hi,

after an intrusion in a Linux system (2.2) using (I suppose) a
vulnerability in BIND 8.2.2 I've experienced a strange behaviour:

the attacker installed a corrupted version of /bin/login and when
I typed:

# mv /safe/version/path/login /bin/login

I just obtained the message 'Operation not permitted' ... How is
it possible? I had to use low level tools directly on the ext2
filesystem to delete that file ...

thanks


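Added example, not part of the original thread: if the reply's chattr hypothesis holds, `lsattr` shows the `i` (immutable) or `a` (append-only) attribute on the file, and either one makes `mv` fail with 'Operation not permitted' even for root. The function below filters `lsattr` output for those two flags; the names `find_protected` and `sample_lsattr` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Reads `lsattr` output on stdin and prints "<kind> <path>" for every file
# carrying the immutable (i) or append-only (a) attribute.
find_protected() {
    while IFS= read -r line; do
        flags=${line%% *}        # first field: attribute string
        path=${line#* }          # remainder: path (may contain spaces)
        [ "$flags" != "$line" ] || continue   # no space: blank or header line
        case $flags in
            ''|*[!A-Za-z-]*) continue ;;      # "lsattr: ..." errors, "dir:" headers
        esac
        # Flags are case-sensitive: 'A' (no atime) and 'I' are not matched here.
        case $flags in *i*) printf 'immutable %s\n' "$path" ;; esac
        case $flags in *a*) printf 'append-only %s\n' "$path" ;; esac
    done
}

# Constructed sample in the short ext2-era layout (not captured from a real host).
sample_lsattr() {
cat <<'EOF'
-------- /bin/ls
----i--- /bin/login
-----a-- /var/log/messages
lsattr: Operation not supported While reading flags on /dev/null
-------A /home/user/my notes.txt
EOF
}

# Demo on the sample. On a live system the input would instead be:
#   lsattr -R /bin /sbin /usr/bin 2>/dev/null | find_protected
sample_lsattr | find_protected
```

Once a file is reported, `chattr -i <path>` (or `-a`) run as root clears the attribute so the file can be replaced from known-good media.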
