Date: Thu, 14 Sep 2000 20:45:30 -0400
From: Mike <mike@mikesweb.com>
To: Bill Fumerola <billf@chimesnet.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: make is suid?
Message-ID: <4.3.2.7.2.20000914204506.0f6eb548@mail.mikesweb.com>
In-Reply-To: <4.3.2.7.2.20000914204109.00b80868@mail.mikesweb.com>
References: <20000914203550.M47559@jade.chc-chimes.com> <4.3.2.7.2.20000914203236.00ba1c10@mail.mikesweb.com> <4.3.2.7.2.20000914203236.00ba1c10@mail.mikesweb.com>

(forgot to mention that I had taken out the user exec permissions before doing the listing)

At 08:43 PM 9/14/2000 -0400, Mike wrote:
>Just set up that box not too long ago, and was just going through taking
>out all the suid stuff.. I'm the only person with access to the box, so
>I'm doubting compromise.
>This is what I had for "find / -perm -2000 -ls" after a fresh install and
>cvsup.
>
>   8027  190 -r-sr-sr-x  1 uucp  dialer   96540 Jul 30 00:46 /usr/bin/uustat
>   8073   26 -r-xr-s---  1 root  kmem     12900 Jul 30 00:49 /usr/bin/fstat
>   8088   20 -r-xr-s---  1 root  kmem      9624 Jul 30 00:49 /usr/bin/ipcs
>   8135  166 -r-xr-s---  1 root  kmem     84448 Jul 30 00:49 /usr/bin/netstat
>   8137   20 -r-xr-s---  1 root  kmem      9660 Jul 30 00:49 /usr/bin/nfsstat
>   8172  112 -r-xr-s---  1 root  kmem     56392 Jul 30 00:49 /usr/bin/systat
>   8182   64 -r-xr-s---  1 root  kmem     32136 Jul 30 00:49 /usr/bin/top
>   8204   34 -r-xr-s---  1 root  kmem     16392 Jul 30 00:49 /usr/bin/vmstat
>   8214   16 -r-xr-s---  1 root  tty       7288 Jul 30 00:49 /usr/bin/write
>3190413  448 -r-sr-sr-x  1 uucp  dialer  220460 Jul 30 00:46 /usr/libexec/uucp/uucico
>3190414  224 -r-sr-s---  1 uucp  uucp     99340 Jul 30 00:46 /usr/libexec/uucp/uuxqt
>6317475  896 -rwxr-sr-x  1 root  kmem    442384 Aug 25 05:51 /usr/local/bin/make
>
>At 08:35 PM 9/14/2000 -0400, Bill Fumerola wrote:
>>On Thu, Sep 14, 2000 at 08:33:28PM -0400, Mike wrote:
>> > I noticed that make is suid root.
>> > -rwxr-sr-x 1 root kmem 442384 Aug 25 05:51 /usr/local/bin/make
>>
>>[hawk-billf] /home/billf/postfix-current > ls -l =make
>>-r-xr-xr-x 1 root wheel 97120 Jul 14 00:17 /usr/bin/make*
>>
>> > Is that supposed to be? Would it still work for users if it wasn't?
>>
>>No, it shouldn't be.
>>Yes, it does.
>>
>>I'd suspect that your machine has had a compromise, if I were you.
>>
>>--
>>Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
>>                billf@chimesnet.com / billf@FreeBSD.org
>>
>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>with "unsubscribe freebsd-isp" in the body of the message
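
The following is an added example, not part of the original thread: a shell function that reads `find / -perm -2000 -ls` output, decodes the set-id bits from each mode string, and reports entries missing from a baseline. The function names and the baseline contents are assumptions; the three sample lines are constructed from the listing quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit `find ... -ls` output for
# set-id files that are absent from a baseline of expected paths.

# audit_sbits BASELINE_FILE   (reads `find -ls` output on stdin)
# Prints "<kind> <owner>:<group> <path>" for every set-id entry whose
# path is not listed in BASELINE_FILE (one absolute path per line).
audit_sbits() {
    awk -v baseline="$1" '
        BEGIN { while ((getline p < baseline) > 0) known[p] = 1 }
        NF >= 11 {
            mode = $3                      # e.g. -rwxr-sr-x
            u = substr(mode, 4, 1)         # owner-exec slot: s/S means setuid
            g = substr(mode, 7, 1)         # group-exec slot: s/S means setgid
            kind = ""
            if (u == "s" || u == "S") kind = "setuid"
            if (g == "s" || g == "S") kind = (kind == "" ? "setgid" : kind "+setgid")
            if (kind == "") next
            path = $11                     # re-join paths containing spaces
            for (i = 12; i <= NF; i++) path = path " " $i
            if (!(path in known)) print kind, $5 ":" $6, path
        }'
}

# Constructed sample input: three lines taken from the listing in the message.
sample_listing() {
    cat <<'EOF'
   8027  190 -r-sr-sr-x  1 uucp  dialer   96540 Jul 30 00:46 /usr/bin/uustat
   8182   64 -r-xr-s---  1 root  kmem     32136 Jul 30 00:49 /usr/bin/top
6317475  896 -rwxr-sr-x  1 root  kmem    442384 Aug 25 05:51 /usr/local/bin/make
EOF
}

# Assumed baseline for illustration: only the two /usr/bin paths are expected.
demo_audit() {
    tmp=$(mktemp) || return 1
    printf '%s\n' /usr/bin/uustat /usr/bin/top > "$tmp"
    sample_listing | audit_sbits "$tmp"
    rm -f "$tmp"
}

demo_audit
```

On a live system, pipe the real `find / -perm -2000 -ls` output into `audit_sbits` with a baseline file saved from a known-good install.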