Date:      Mon, 24 Jun 1996 16:54:26 -0700 (PDT)
From:      -Vince- <vince@mercury.gaianet.net>
To:        Matthew Jason White <mwhite+@CMU.EDU>
Cc:        Mark Murray <mark@grumble.grondar.za>, Wilko Bulte <wilko@yedi.iaf.nl>, "Jordan K. Hubbard" <jkh@time.cdrom.com>, guido@gvr.win.tue.nl, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net>
Subject:   Re: I need help on this one - please help me track this guy down!
Message-ID:  <Pine.BSF.3.91.960624165238.21697L-100000@mercury.gaianet.net>
In-Reply-To: <4lnkrxe00YUpQCvVNx@andrew.cmu.edu>

On Mon, 24 Jun 1996, Matthew Jason White wrote:

> Excerpts from freebsd-security: 24-Jun-96 Re: I need help on this one..
> by Mark Murray@grondar.za 
> >      | This is a setuid prog. The program is owned by root, and is
> >        SETUID, therefore it will run as if it were root. It is
> >        probably a shell (bash, sh, csh) renamed to root and setuid.
> >        "chmod 755 root" will cut it down to size.
> 
> I think perhaps a better question to be asking is how this guy got a
> suid shell on that system.  It could have been a booby-trapped program
> that got run as root, but one would hope that such a chintzy method
> wouldn't work on most systems.

	Yeah, that's the real question: if he can transfer the 
binary from another machine and have it work... other people can do the 
same thing and gain access to FreeBSD boxes as root as long as they have 
an account on that machine...

Vince
GaiaNet - System Administration
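
Added example, not part of the original message: a report-only check for the case discussed in this thread, a setuid file that is really a shell under another name. The function name `find_suid_shells` and the use of `/etc/shells` as the list of known shells are assumptions of this example.

```shell
#!/bin/sh
# find_suid_shells DIR [OWNER_UID]
#   Prints one line per setuid regular file owned by OWNER_UID (default 0, root):
#     SHELL-COPY <file> <shell>   file is byte-identical to a known shell
#     SETUID     <file>           setuid, but not a copy of a known shell
# Nothing is modified; the function only reports.
find_suid_shells() {
    dir=$1
    owner=${2:-0}

    # Known shells: /bin/sh plus every absolute path listed in /etc/shells.
    shells="/bin/sh"
    if [ -r /etc/shells ]; then
        shells="$shells $(grep '^/' /etc/shells | tr '\n' ' ')"
    fi

    # -perm -4000 selects files with the setuid bit set;
    # -xdev keeps the walk on the filesystem that DIR lives on.
    find "$dir" -xdev -type f -user "$owner" -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        match=""
        for s in $shells; do
            # cmp -s compares content, so a shell renamed to "root"
            # (as in the quoted message) is still recognised.
            if [ -f "$s" ] && cmp -s "$f" "$s"; then
                match=$s
                break
            fi
        done
        if [ -n "$match" ]; then
            printf 'SHELL-COPY %s %s\n' "$f" "$match"
        else
            printf 'SETUID %s\n' "$f"
        fi
    done
}

# When run as a script with arguments, scan the given directory.
if [ $# -gt 0 ]; then
    find_suid_shells "$@"
fi
```

Run it as root so `find` can read every directory, for example over the home directories. It leaves the files untouched, so the `chmod 755` from the quoted advice remains a manual step.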