Date: Thu, 14 Sep 2000 20:53:45 -0500 (CDT) From: Marius Strom <marius@alpha1.net> To: Mike <mike@mikesweb.com> Cc: freebsd-isp@freebsd.org Subject: Re: make is suid? Message-ID: <Pine.BSF.4.21.0009142053090.66657-100000@marius.org> In-Reply-To: <4.3.2.7.2.20000914204109.00b80868@mail.mikesweb.com>
next in thread | previous in thread | raw e-mail | index | archive | help
After "fresh install and cvsup" you shouldn't have anything in /usr/local, IITC (If I'm Thinking Correctly) -- Marius Strom <marius@alpha1.net> Professional Geek/Unix System Administrator Alpha1 Internet <http://www.alpha1.net>; http://www.marius.org/marius.pgp 0x55DE53E4 Turn off the faucet? We're too busy mopping up the floor! On Thu, 14 Sep 2000, Mike wrote: > Just set up that box not too long ago, and was just going through taking > out all the suid stuff.. I'm the only person with access to the box, so I'm > doubting compromise. > This is what I had for "find / -perm -2000 -ls" after a fresh install and > cvsup. > > 8027 190 -r-sr-sr-x 1 uucp dialer 96540 Jul > 30 00:46 /usr/bin/uustat > 8073 26 -r-xr-s--- 1 root kmem 12900 Jul > 30 00:49 /usr/bin/fstat > 8088 20 -r-xr-s--- 1 root kmem 9624 Jul > 30 00:49 /usr/bin/ipcs > 8135 166 -r-xr-s--- 1 root kmem 84448 Jul > 30 00:49 /usr/bin/netstat > 8137 20 -r-xr-s--- 1 root kmem 9660 Jul > 30 00:49 /usr/bin/nfsstat > 8172 112 -r-xr-s--- 1 root kmem 56392 Jul > 30 00:49 /usr/bin/systat > 8182 64 -r-xr-s--- 1 root kmem 32136 Jul > 30 00:49 /usr/bin/top > 8204 34 -r-xr-s--- 1 root kmem 16392 Jul > 30 00:49 /usr/bin/vmstat > 8214 16 -r-xr-s--- 1 root tty 7288 Jul > 30 00:49 /usr/bin/write > 3190413 448 -r-sr-sr-x 1 uucp dialer 220460 Jul > 30 00:46 /usr/libexec/uucp/uucico > 3190414 224 -r-sr-s--- 1 uucp uucp 99340 Jul > 30 00:46 /usr/libexec/uucp/uuxqt > 6317475 896 -rwxr-sr-x 1 root kmem 442384 Aug > 25 05:51 /usr/local/bin/make > > At 08:35 PM 9/14/2000 -0400, Bill Fumerola wrote: > >On Thu, Sep 14, 2000 at 08:33:28PM -0400, Mike wrote: > > > I noticed that make is suid root. > > > -rwxr-sr-x 1 root kmem 442384 Aug 25 05:51 > > > /usr/local/bin/make > > > >[hawk-billf] /home/billf/postfix-current > ls -l =make > >-r-xr-xr-x 1 root wheel 97120 Jul 14 00:17 /usr/bin/make* > > > > > Is that supposed to be? Would it still work for users if it wasn't? > > > >No, it shouldn't be. > >Yes, it does. > > > >I'd suspect that your machine has had a compromise, if I were you. > > > >-- > >Bill Fumerola - Network Architect, BOFH / Chimes, Inc. > > billf@chimesnet.com / billf@FreeBSD.org > > > > > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009142053090.66657-100000>