Date: Mon, 24 Jun 1996 17:26:35 -0700 (PDT)
From: -Vince- <vince@mercury.gaianet.net>
To: Matthew Jason White <mwhite+@CMU.EDU>
Cc: hackers@FreeBSD.org, security@FreeBSD.org, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net>
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <Pine.BSF.3.91.960624172432.21697Q-100000@mercury.gaianet.net>
In-Reply-To: <0lnmnpy00YUp8Ea2EM@andrew.cmu.edu>
On Mon, 24 Jun 1996, Matthew Jason White wrote:

> Excerpts from freebsd-security: 24-Jun-96 Re: I need help on this one..
> by -Vince-@mercury.gaianet.
> > Yeah, that's the real question is like if he can transfer the
> > binary from another machine and have it work... other people can do the
> > same thing and gain access to FreeBSD boxes as root as long as they have
> > an account on that machine...
>
> That shouldn't be possible. FreeBSD wouldn't allow the transfer program
> to assign root ownership to a program unless that program is run as
> root. The programs typically run on a FreeBSD system as root do not
> assign ownership in this way. This guy must've gotten root some other
> way and then created the shell so that he could get root again in the
> future.

Yeah, that's what I'm thinking... Since it seems like there was
a problem of running ypwhich to get root on another machine running 2.1R
but in -current, it doesn't work.

> You probably want to change the security script so that it points out
> ALL suid programs in /usr/home, /tmp, /var/tmp and /usr/tmp, or any
> other publicly writeable area. Are you running inn1.4 on this system?
> If so, you should probably upgrade to inn-1.4uoff4 (this port should
> prolly be upgraded, if someone hasn't already).

Hmmm, we're not running inn at all...

Vince
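The check suggested in the quoted reply (report every setuid program under /usr/home, /tmp, /var/tmp, /usr/tmp and similar areas) could look like the following. This is an added example, not part of the original message and not FreeBSD's own security script; the function name `scan_suid` and the output tags are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list setuid/setgid regular files under the directories given
# as arguments, e.g.:  sh scan_suid.sh /usr/home /tmp /var/tmp /usr/tmp
# scan_suid and the SUID-ROOT / SUID / SGID tags are hypothetical names.

# scan_suid DIR...
# Prints one line per finding: a tag followed by the "ls -ldn" line, so the
# numeric owner, mode and path are visible to whoever reads the report.
scan_suid() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue      # skip areas that do not exist on this host

        # Setuid and owned by uid 0: the leftover root shell case from the thread.
        find "$dir" -xdev -type f -user 0 -perm -4000 \
            -exec ls -ldn {} + 2>/dev/null | sed 's/^/SUID-ROOT /'

        # Setuid but owned by an ordinary user: still unexpected in these areas.
        find "$dir" -xdev -type f ! -user 0 -perm -4000 \
            -exec ls -ldn {} + 2>/dev/null | sed 's/^/SUID /'

        # Setgid only (files that are also setuid were reported above).
        find "$dir" -xdev -type f -perm -2000 ! -perm -4000 \
            -exec ls -ldn {} + 2>/dev/null | sed 's/^/SGID /'
    done
}

# Run only when directories are passed on the command line.
if [ "$#" -gt 0 ]; then
    scan_suid "$@"
fi
```

Run it as root so that `find` can descend into every home directory, and compare each report with the previous one so that new entries stand out.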