Date:      Tue, 25 Jun 1996 10:55:43 +0930 (CST)
From:      Michael Smith <msmith@atrad.adelaide.edu.au>
To:        mark@grumble.grondar.za.@grondar.za (Mark Murray)
Cc:        richardc@CSUA.Berkeley.EDU, mark@grumble.grondar.za, wilko@yedi.iaf.nl, jkh@time.cdrom.com, guido@gvr.win.tue.nl, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org
Subject:   Re: I need help on this one - please help me track this guy down!
Message-ID:  <199606250125.KAA25110@genesis.atrad.adelaide.edu.au>
In-Reply-To: <199606242043.WAA06435@grumble.grondar.za> from "Mark Murray" at Jun 24, 96 10:43:36 pm

Mark Murray stands accused of saying:
> > 
> > -rwsr-xr-x     1 root  users  278528 Jun 18 04:01 root is from the dir 
>      ^
>      | This is a setuid prog. The program is owned by root, and is
>        SETUID, therefore it will run as if it were root. It is
>        probably a shell (bash, sh, csh) renamed to root and setuid.
>        "chmod 755 root" will cut it down to size.

lovely:~>ls -l /bin/sh
-r-xr-xr-x  1 bin  bin  278528 Jun 19 20:34 /bin/sh

The question is, of course, what a setuid-root copy of /bin/sh is doing
in this user's home directory.  Have you fixed the 'modload' hole on this
system yet?

> Mark Murray

-- 
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] Collector of old Unix hardware.      "Where are your PEZ?" The Tick  [[
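
Added example, not part of the original message: the matching sizes above are a hint that the setuid file is a copy of /bin/sh, and a byte-for-byte comparison settles it. The function name, its arguments and the paths in the usage comment are assumptions made for this sketch.

```sh
#!/bin/sh
# find_setuid_shell_copies OWNER DIR SHELL...
# (hypothetical helper, not from the original thread)
#
# Prints every regular file under DIR that is owned by OWNER, has the
# setuid bit set, and is byte-identical to one of the SHELL binaries.
# A size match, as in the listing above, only suggests a copy; cmp
# confirms it regardless of the file's name or timestamp.
find_setuid_shell_copies() {
    owner=$1
    dir=$2
    shift 2
    # -perm -4000 matches files with the setuid bit set;
    # -xdev keeps the search on the filesystem that holds DIR.
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -print |
    while IFS= read -r candidate; do
        for shell in "$@"; do
            if cmp -s "$candidate" "$shell"; then
                printf '%s\n' "$candidate"
                break
            fi
        done
    done
}

# Example call (assumed paths; run as root so every home directory is readable):
#   find_setuid_shell_copies root /home /bin/sh /bin/csh
```

File names containing newlines are not handled by the line-based loop.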


