> > Bind runs as root.
> > > We are unable to determine just how they got in exactly, but they
> > > kept trying and created an oops in the affected code which allowed
> > > the attack to proceed.
> > Are you sure they didn't in fact simply screw up live patching the kernel to
> > cover their traces?
> Could have. The kernel is unable to dismount the root volume when booted.
> I can go through the drive and remove confidential stuff and just leave
> the system intact and post the entire system image to my ftp server.
This would be a good thing for those of us involved in investigating
these sorts of things. :-/
> I have changed all the passwords on the server, so what's there is no
> big deal. This server was public FTP and web/email, so nothing really
> super "confidential" on it.
> Jeff
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!