
Might not be the admins

Posted Sep 11, 2011 17:01 UTC (Sun) by david.a.wheeler (subscriber, #72896)
In reply to: Security breach on Linux.com, LinuxFoundation.org by hassock
Parent article: Security breach on Linux.com, LinuxFoundation.org

Why assume it's the admins? This could be the result of a 0-day that can be exploited through the network, without authentication. I don't think we know enough yet.


Might not be the admins

Posted Sep 11, 2011 18:20 UTC (Sun) by AlexHudson (guest, #41828) (9 responses)

I thought they said previously that the working theory was some user's credentials were compromised first - even less of an admin issue imho...

Might not be the admins

Posted Sep 11, 2011 22:22 UTC (Sun) by epa (subscriber, #39769) (8 responses)

If you offer user accounts on the machine, you must expect that sooner or later one of them will be compromised. That's just common sense, given people's common behaviour of reusing passwords, logging in from insecure Windows PCs and so on. If your system tends to have local root exploits, such that the compromise of one account leads to compromise of all, then you must consider very carefully whether to offer user accounts at all. It's certainly an admin issue.

Might not be the admins

Posted Sep 11, 2011 23:41 UTC (Sun) by elanthis (guest, #6227) (4 responses)

I like how you manage to call Windows the insecure OS in this story when it's Linux servers that got hacked.

Might not be the admins

Posted Sep 12, 2011 4:55 UTC (Mon) by cmccabe (guest, #60281) (2 responses)

Just based on this email, we don't know whether the Linux servers were hacked at all. All we know is that the attackers managed to get control of a shell account and escalate that to root. It could have been done through piggybacking on sudo or through an exploit. There's no reason to start a Windows vs. Linux vs. whatever flamewar.

Personally I agree with epa. It's nice to have a server that just does one thing and doesn't offer shell accounts. It will be interesting to see what the admins decide to do to tighten security in the future.

Might not be the admins

Posted Sep 13, 2011 8:18 UTC (Tue) by epa (subscriber, #39769) (1 response)

> Just based on this email, we don't know whether the Linux servers were hacked at all. All we know is that the attackers managed to get control of a shell account and escalate that to root.

I would call a root exploit being 'hacked', wouldn't you?

Come to think of it, even social engineering to get hold of the root password would count as 'hacking' in my book.

Might not be the admins

Posted Sep 23, 2011 19:27 UTC (Fri) by cmccabe (guest, #60281)

Well, there are ways to escalate without going through the kernel.

Like this one:
https://bugs.launchpad.net/ubuntu/+bug/127116

Might not be the admins

Posted Sep 13, 2011 8:15 UTC (Tue) by epa (subscriber, #39769)

Touché! I edited my comment at the last minute to add that bit about 'insecure Windows' in an attempt to soften the tone and deflect any indignant responses from people who are a bit sensitive about these things. But this isn't Slashdot and I need not have bothered.

The point is, user accounts can and do get compromised. If you can't trust your system to keep users properly isolated from each other, then don't give out user accounts. You would instead need to run virtual machines or some other heavily sandboxed environment. It's ugly, and I hate to admit it, but that's how things are.

Might not be the admins

Posted Sep 12, 2011 8:23 UTC (Mon) by AlexHudson (guest, #41828) (2 responses)

Choice of whether or not to offer user accounts is generally not an admin issue at all: admins are there to provide tools, not dictate what tools are available. User accounts becoming compromised is just a fact of life, it's the cost of running public services.

Might not be the admins

Posted Sep 13, 2011 8:20 UTC (Tue) by epa (subscriber, #39769) (1 response)

If the administrator's job is to provide user accounts, it is also his or her job to sandbox them adequately so that giving out one account is not equivalent to giving out root access.

Might not be the admins

Posted Sep 13, 2011 13:49 UTC (Tue) by foom (subscriber, #14868)

> If the administrator's job is to provide user accounts, it is also his or her job to sandbox them adequately so that giving out one account is not equivalent to giving out root access.

Might be best to give them out on a non-linux machine, then...


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds