Yeah -- I can see what you're saying, and why you said it. However, with Unix administration in my background, I am curious about how you guys know the extent of their access.

From the description of the problem it sounds as though this remote user was able to run arbitrary user-level commands, and there are very few systems that will withstand a malicious local user. Infopop's software is a great example of that -- last I checked it required lots of loose permissions on files.


I'm not trying to be annoying here -- I am just concerned. For most sites, the standard reaction to system-level compromises is to reinstall.

[This message was edited by lumpy on 30 Jan 02 at 07:37 PM.]