Attacks against YDL, and regarding rootkits

Atro Tossavainen yellowdog-general@lists.terrasoftsolutions.com
Tue May 18 00:16:01 2004


Michael,

> Is YDL susceptible to a root kit attack,

There is no such thing as a "root kit attack".  However, all computer
systems are susceptible to some sort of attack in general.

Speaking generally, there are attacks based on specific vulnerabilities
in specific pieces of software, and if an attacker manages to exploit
one, they often leave a "root kit" on the computer they have gained
access to.  Common purposes for a root kit are to prevent the owner of
the computer from detecting the intrusion and to enable the attacker to
connect to the computer later even if the original vulnerability gets fixed.

A "root kit" does not attack by itself.

> or does the relative obscurity of the PPC processor make it less of a risk?

Not really.  You only need shellcode (a short piece of assembler code
that starts a shell) and a way to inject it.  Googling for "ppc shellcode"
produced an example that was written in 1999 already, for
both "LinuxPPC and BSD (darwin?)".

Somewhat more importantly, of course, you need to know the system you
are attacking is a PPC system (not much use in trying to bang on PPC
systems with x86 shellcode or vice versa), and of course the system to
be attacked must be running software with known holes, and the attacker
must be able to access the faulty software somehow (so even if there is
a bug in OpenSSL, if your web server isn't configured to use https or
if the https port is firewalled off from the rest of the world the
attacker will have a very hard time utilizing the vulnerability).

-- 
Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
+358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
<URL:http://www.helsinki.fi/%7Eatossava/> NO FILE ATTACHMENTS
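
The reachability point in the message above (a hole only matters if the attacker can reach the faulty service), as an added example that is not part of the original post: a small audit that lists which TCP services a Linux host is listening on and whether each is bound beyond loopback. The sample table is constructed, the function names are this example's own, and only IPv4 (`/proc/net/tcp`) is covered; the address field is byte-order dependent, so a big-endian PPC host prints it differently from x86.

```python
import socket
import sys

TCP_LISTEN = "0A"  # value of the "st" column for a listening socket

# Constructed sample in /proc/net/tcp layout, as a little-endian (x86) host prints it.
SAMPLE_LE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000    48        0 1003
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""


def decode_addr(hex_addr, byteorder=sys.byteorder):
    """Turn the kernel's 8-hex-digit IPv4 field into dotted-quad notation.

    The kernel prints the address as a host-order integer, so a little-endian
    host shows 127.0.0.1 as 0100007F while a big-endian PPC host shows 7F000001.
    """
    raw = bytes.fromhex(hex_addr)
    if byteorder == "little":
        raw = raw[::-1]
    return socket.inet_ntoa(raw)


def listening_sockets(proc_text, byteorder=sys.byteorder):
    """Return sorted (ip, port, off_loopback) tuples for sockets in LISTEN state."""
    found = []
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        ip = decode_addr(addr_hex, byteorder)
        # Ports are printed in natural order on every architecture.
        found.append((ip, int(port_hex, 16), not ip.startswith("127.")))
    return sorted(found, key=lambda entry: (entry[1], entry[0]))


if __name__ == "__main__":
    with open("/proc/net/tcp") as handle:  # Linux only, IPv4 only
        for ip, port, exposed in listening_sockets(handle.read()):
            note = "reachable unless firewalled" if exposed else "loopback only"
            print(f"{ip}:{port:<5} {note}")
```

A socket reported as bound beyond loopback may still be blocked by a packet filter, so the firewall rules need checking separately.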