Date: Sun, 19 Dec 2004 17:51:02 +0800
From: Ganbold <ganbold@micom.mng.net>
To: Dave <mudman@metafocus.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Strange command histories in hacked shell history
Message-ID: <6.2.0.14.2.20041219174654.051f1250@202.179.0.80>
In-Reply-To: <20041218173044.K23128@metafocus.net>
References: <20041217120138.7A89116A4D2@hub.freebsd.org> <20041217145315.GB68582@wjv.com> <41C391BE.3030604@earthlink.net> <20041218022556.GA85192@wjv.com> <1103354079.16723.6.camel@red.nativenerds.com> <41C41869.5040408@winbot.co.uk> <20041218173044.K23128@metafocus.net>

At 09:35 AM 12/19/2004, you wrote:
> > You could change the permissions on the su binary, so that only users
> > in the wheel group can even execute su. That way, when a non-wheel user
> > attempts to su to a user in the wheel group, they simply get
> > permission denied.
>
> This is a really good idea. I decided to try it as root and chmod gave me
> chmod: su: Operation Not Permitted! The nerve! I'll have to have a look
> at that more carefully later :)

Yes, I like this idea too. I'll try it for sure.

> As a side note, I think Bill's point about 2 passwords to break is pretty
> strong in my point of view. Just for simplicity's sake (in both security
> and in design), "the su stack" really shouldn't be any larger than 1. No
> su'ing twice, or N number of times.

That could be a useful option too.

> Hmm, I wonder if there is an option
> for setting that. I suppose someone might have a purpose to, but if they
> really need to be doing that, I think they have a problem in their own
> designs.

Anyway, thanks to all who read my annoying email and responded :)
I still don't know how the hacker got into the system, but I'll try my best, and I hope I will find more in the hacked PC in the next couple of days.

thanks a lot,
Ganbold