From owner-freebsd-questions@FreeBSD.ORG  Thu Dec  7 03:08:14 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@FreeBSD.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3BE7616A4A7
	for <questions@FreeBSD.org>; Thu,  7 Dec 2006 03:08:14 +0000 (UTC)
	(envelope-from pauls@utdallas.edu)
Received: from mail.stovebolt.com (mail.stovebolt.com [66.221.101.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 06D3D43CAE
	for <questions@FreeBSD.org>; Thu,  7 Dec 2006 03:07:24 +0000 (GMT)
	(envelope-from pauls@utdallas.edu)
Received: from [192.168.2.102] (adsl-66-140-61-143.dsl.rcsntx.swbell.net
	[66.140.61.143])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.stovebolt.com (Postfix) with ESMTP id 2A404114321;
	Wed,  6 Dec 2006 21:07:39 -0600 (CST)
Date: Wed, 06 Dec 2006 21:08:18 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: Kris Kennaway <kris@obsecurity.org>,
	john Mish III <jmanfffreak@hotmail.com>
Message-ID: <9AFFF19E085F4FF375D44EF2@paul-schmehls-powerbook59.local>
In-Reply-To: <20061207024240.GA75975@xor.obsecurity.org>
References: <BAY115-F332E6015760CD2256C6958BCDC0@phx.gbl>
	<20061207024240.GA75975@xor.obsecurity.org>
X-Mailer: Mulberry/4.0.7b1 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=sha1;
	protocol="application/pkcs7-signature";
	boundary="==========ED8F54D5D173EC3C9210=========="
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: questions@FreeBSD.org
Subject: Re: su to root denied?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Dec 2006 03:08:14 -0000

--==========ED8F54D5D173EC3C9210==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

--On December 6, 2006 9:42:41 PM -0500 Kris Kennaway <kris@obsecurity.org> =

wrote:

> On Wed, Dec 06, 2006 at 07:52:50PM -0600, john Mish III wrote:
>> I get this error message when I try to su to anything, either from root
>> or  to root, and I don't know why.
>> $ su
>> su: not running setuid
>
> Somehow your su application lost its setuid bit.  Instead of blinding
> chmodding it you may want to be careful and replace it with a known
> good binary in case someone overwrote it somehow.
>
Or he's been hacked, and he needs to proceed very cautiously....

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

--==========ED8F54D5D173EC3C9210==========--