Date: Sun, 13 Oct 2002 12:08:29 -0400
From: Brian McCann
Subject: RE: Slightly OT: How to remove an odd file...
To: 'paul', freebsd-questions@FreeBSD.ORG

Yea...did it logged on directly as root. I think what happened is someone hacked the box via anon. FTP and made this program as a back door of some kind. :-/ I was able to 'chmod +w " " ' it, no errors there...but it yells when I try to rm it.

--Brian McCann

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of paul
Sent: Sunday, October 13, 2002 12:00 PM
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Slightly OT: How to remove an odd file...

Brian McCann wrote:
> No go...here's the listing for the file...here's what happens...
>
> -rwsr-sr-x 1 root root 64924 Sep 2 15:24
>
> rm " "
> rm: remove write-protected file ` '? y
> rm: cannot unlink ` ': Operation not permitted
>
> Any other ideas?
>

I assume you did this as root/sudo? Strange that it's setuid . . . .

--
Paul Beard / 8040 27th Ave NE / Seattle WA 98115 / paulbeard [at] mac [ dot] com / 206 529 8400
weblog @

With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
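
A sweep for the kind of file this thread describes (a setuid/setgid regular file whose name is blank or non-printable), added here as an example that is not part of the original messages. The function names are hypothetical, and the `immutable` field (BSD file flags, which the thread never mentions) is reported only as extra context for an incident responder.

```python
import os
import stat
import sys

SPECIAL = stat.S_ISUID | stat.S_ISGID
# BSD file flags that make unlink fail even for root. The constants exist
# in the stat module everywhere; st_flags is only populated on BSD/macOS.
# Assumption: the thread does not say flags were involved.
IMMUTABLE = stat.UF_IMMUTABLE | stat.SF_IMMUTABLE


def odd_name(name):
    """True for names that are blank or contain non-printable characters."""
    return name.strip() == "" or not name.isprintable()


def find_suspect_files(root):
    """Return a record for each setuid/setgid regular file with an odd name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # never follow symlinks
            except OSError:
                continue                     # vanished or unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & SPECIAL and odd_name(name):
                hits.append({
                    "path": path,
                    "name": repr(name),      # repr makes blanks visible
                    "mode": stat.filemode(st.st_mode),
                    "uid": st.st_uid,
                    "size": st.st_size,
                    "mtime": int(st.st_mtime),
                    "immutable": bool(getattr(st, "st_flags", 0) & IMMUTABLE),
                })
    return hits


if __name__ == "__main__":
    # Usage: python sweep.py /path/to/ftp/root
    for hit in find_suspect_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it over the anonymous FTP tree and other world-writable locations; each hit records owner, size and mtime so the file can be preserved and hashed before any removal attempt.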