when last we saw our hero (Sunday, May 18, 2003), Matthew S. Hallacy was madly tapping out: > On Thu, May 15, 2003 at 02:06:29PM -0500, Daniel Taylor wrote: > > On Thu, 15 May 2003, steve ulrich wrote: > > > Right. It stops script kiddies. It stops self-recompiling worms. > > It leaves attacks directed at your hardware/software combination > > and attacks directed at you by pros. > > How does this stop script kiddies? They've already rooted you, game > over. > > Just because they can't get their rootkit to compile doesn't mean > they won't get frustrated and just rm -rf / some exploits don't become full-on rootings until a rootkit can be assembled. a host may be compromised enough to enable the party to place the rootkit on the host and have mortal execution privileges, without necessarily having root. in the above you seem to be stating that compromise == compromise of root. which i would say, is not necessarily true. -- steve ulrich sulrich at botwerks.org PGP: 8D0B 0EE9 E700 A6CF ABA7 AE5F 4FD4 07C9 133B FAFC _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list