From owner-freebsd-questions Tue Oct 15 18:13:18 2002
Message-ID: <021a01c274ad$132548d0$fa00a8c0@DaleCoportable>
From: "DaleCo, S.P.---'the solutions people'" <daleco@daleco.biz>
To: "Andreas Ntaflos" <ant@overclockers.at>, <freebsd-questions@FreeBSD.ORG>
References: <20021015230553.GA30542@Deadcell.ant>
Subject: Re: strange reboot, permissions of /sbin/reboot
Date: Tue, 15 Oct 2002 19:43:40 -0500
List-ID: <freebsd-questions.FreeBSD.ORG>

Attack? Install some rootkit and reboot, perhaps?

Kevin Kinsey, DaleCo, S.P.

----- Original Message -----
From: "Andreas Ntaflos" <ant@overclockers.at>
To: <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, October 15, 2002 6:05 PM
Subject: strange reboot, permissions of /sbin/reboot

> Hello list,
> Something strange just occurred on a quite busy server running FreeBSD 4.6-RC
> as of May 28. First, it seemed to have suddenly rebooted, but not by a
> kernel trap or anything like it, the machine has been up for over 120 days,
> running smoothly. We checked the logs, seeing that it was rebooted by an
> ordinary user (all.log) which comes quite strange to me.
>
> # ls /sbin/reboot
> -r-xr-xr-x 4 root wheel - 233708 Jan 19 2002 /sbin/reboot*
>
> First I thought someone messed up things bigtime, but checking my system
> shows me the same permissions for /sbin/reboot, despite the fact that an
> ordinary user on my system can NOT reboot or shutdown anything. We issued a
> reboot again as a normal user, just to make sure it was not a mistake and it
> did reboot again. It also seems that the first reboot was not initiated by a
> user. I am a little confused...how could that happen?
>
> My questions are: what catches the execution of /sbin/reboot for normal
> users and how could it happen that the normal user was not caught in that
> case? Also, how come that the permissions on reboot and shutdown are the way
> they are?
>
> Can someone point me to some relevant pieces of information?
>
> TIA
> regards & good night
> --
> Andreas "ant" Ntaflos
> ant@overclockers.at
> Vienna, AUSTRIA
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message