Hi,

I'm really sorry, I thought this message was from a personal friend of mine whose name is also Kevin. Those are still basically my thoughts, but I would have written them much more formally had I realised that (and I don't mean to be so snooty about Gentoo, that is just a standing joke between the two of us because he switched to Debian for unrelated reasons).

I guess what I was getting at was that it seems to be an exploit in PHP, not in Linux itself, so it seems to be a much less severe problem than it is being made out to be... you can't install a systemwide backdoor if you don't have correct permissions. Granted, it is probably a good idea to reinstall if you are unsure. Also, I'd like to note Unix-based exploits are some of the oldest on the book, because Unix is a pretty old operating system.

I am really sorry that I posted that message to the group...

On 11/8/05, Alan Dayley wrote:
> Matt Mets said:
> >> Affected systems will need to be wiped and have the OS
> >> reinstalled, in most cases.
> >
> > um, this would be affected systems that didn't know how to set their
> > web server permissions correctly I assume? you think that any decent
> > install would do that... I'll check the gentoo tonight (which would
> > probably have been patched a long time ago anyway), but it doesn't seem
> > to make a whole lot of sense to me.
> >
> > I mean come on, you don't have to reinstall an os to do this stuff...
> > that's crazy talk. This is unix, man, there isn't a registry to screw
> > up... just reinstall the frigging webserver if you have to.
> >
>
> The problem is that the worm installs a back door on the computer,
> allowing full remote access to one who knows it is there. Unless you then
> have tripwire or some other way to prove that no one has been using that
> back door, the only way to get to a known, secure state is to re-install
> from scratch.
>
> Personally, I think any box found with a back door installed needs to be
> reformatted. That's the only way I could be confident it is not
> compromised.
>
> Alan
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss