
I think it was mentioned in a comment, but just to make it clear:

A rootkit is neither a virus nor a way to obtain privileges on a Linux box, but a set of tools providing various features to keep root access to the hacked box hidden.

This rootkit provides various backdoors allowing to get root ssh access and advanced anti-detection features, but as far as I know, this package won't hurt you badly as far as you don't manipulate it with a privileged user.



Maybe I misunderstood the grammar somehow, but did you just say:

> This rootkit provides various backdoors allowing to get root ssh access

followed by:

> this package won't hurt you badly

Allowing root ssh is the ultimate death of your machine's security. Having this installed hurts you badly.


> Allowing root ssh is [...] your machine's security.

Taking stuff out of context is fun!

He said it won't hurt you badly as long as you don't run it as root. From that, I understand that it can't install itself unless it's run as a privileged user.


Thanks for that, I guess I misread a bit.

So what he's saying is that there's no privilege escalation exploit packaged with this rootkit. Gotcha.

Still, I wouldn't mention "this package won't hurt you" along with such a tool. Many userland exploits exist.


Sorry, I wrote my comment quickly, this is what I meant.

I said that "it won't hurt you" as a reaction to people saying "I won't even click on that link" in some comments.


I agree with that, I'd be wary of it.


I'm reading the entry on blackhatlibrary. It seems you first have to get root access to copy in (overwrite?) libselinux.so. Then it gets you all sorts of backdoors that give you root access on a machine.



