Date: Sat, 10 Feb 1996 12:45:12 -0700 (MST)
From: Dave Andersen <angio@aros.net>
To: taob@io.org (Brian Tao)
Cc: pst@shockwave.com, freebsd-security@freebsd.org
Subject: Re: User creating root-owned directories?
Message-ID: <199602101945.MAA12583@terra.aros.net>
In-Reply-To: <Pine.BSF.3.91.960210095956.17721M-100000@zip.io.org> from "Brian Tao" at Feb 10, 96 11:36:15 am

Lo and behold, Brian Tao once said:
> I'll perform a more detailed scan for setuid and setgid programs
> today then. A lot of our users run setuid CGI scripts (PHP tools, a
> Web page logging package)... the hacker may have named a setuid
> program after one of the PHP scripts to hide it from scrutiny.
> Probably a good time to compare MD5 signatures on the system binaries
> too... *sigh*.

From the way the filename looks, it's almost tempting to say that
someone got in through a poorly configured cgi-bin script of some type.
Do you have setuid cgis lying around that might use user-input for
generating a command line? (The "I got in ; ls" is what suggests it..)

-Dave Andersen

--
angio@aros.net
Complete virtual hosting and business-oriented system administration
Internet services. (WWW, FTP, email)
http://www.aros.net/
http://www.aros.net/about/virtual/
"There are only two industries that refer to their customers as 'users'."
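The setuid/setgid scan discussed in the message above, as an added example that is not part of the original thread: it lists every setuid or setgid regular file under a tree, labels each as a script or a binary, and reports entries missing from a known-good list. The function names (`kind_of`, `scan_suid`, `new_suid`) and the baseline file of known-good paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inventory setuid/setgid files under a
# tree, label scripts vs. binaries, and report entries missing from a baseline.

# kind_of FILE: "script" if the file begins with "#!", otherwise "binary".
# The first two bytes are compared as hex so binary content is handled safely.
kind_of() {
    magic=$(dd if="$1" bs=2 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "2321" ]; then echo script; else echo binary; fi
}

# scan_suid ROOT: one line per setuid/setgid regular file, tab-separated:
#   kind  mode  owner  path
# -xdev keeps the walk on one filesystem; paths containing newlines are not
# handled.
scan_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        meta=$(ls -ld "$f" | awk '{print $1 "\t" $3}')
        printf '%s\t%s\t%s\n' "$(kind_of "$f")" "$meta" "$f"
    done | sort
}

# new_suid BASELINE ROOT: paths that are setuid/setgid now but are not listed
# in BASELINE (assumed format: one known-good path per line).
new_suid() {
    now=$(mktemp) || return 1
    scan_suid "$2" | cut -f4 | sort > "$now"
    sort "$1" | comm -13 - "$now"
    rm -f "$now"
}

# Stand-alone use: ./scan.sh /usr/local/www/cgi-bin
if [ "$#" -gt 0 ]; then
    scan_suid "$1"
fi
```

A setuid file reported as `binary` in a directory that should hold only scripts, or any path printed by `new_suid`, is a candidate for the checksum comparison against known-good copies.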