OpenSSH Trojan

Steve Bougerolle steveb at creek-and-cowley.com
Thu Aug 1 18:18:50 PDT 2002


On Fri, 2002-08-02 at 02:18, Matthias Benkmann wrote:
> Lesson to learn: NEVER EVER build as root. A user of the more control hint
> would have been relatively safe even when installing a trojaned OpenSSH.

I have to disagree with you, Matthias.  Your "more control" system will
give a lot more security to a single PC, and when I first saw it I was
really enthused and started to think how I could use it. However, within
a few minutes I realized that on a networked system using NFS that
exposes the huge majority of your system files to attack by anybody on
the network.  With NFS the rule must be "all important files are owned
by root".  

I'm sure I'm not the only LFSer who's still using NFS (and of course all
of us would like to dump it except the alternatives are too much
hassle).

Of course, you can still build as a user and install as root, and that
half-security is worth something.


-- 
Steve Bougerolle
Creek & Cowley Consulting

http://www.creek-and-cowley.com

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list