Date: Wed, 6 Dec 2006 22:15:30 -0500 From: Kris Kennaway <kris@obsecurity.org> To: Paul Schmehl <pauls@utdallas.edu> Cc: questions@FreeBSD.org, john Mish III <jmanfffreak@hotmail.com>, Kris Kennaway <kris@obsecurity.org> Subject: Re: su to root denied? Message-ID: <20061207031530.GA76587@xor.obsecurity.org> In-Reply-To: <9AFFF19E085F4FF375D44EF2@paul-schmehls-powerbook59.local> References: <BAY115-F332E6015760CD2256C6958BCDC0@phx.gbl> <20061207024240.GA75975@xor.obsecurity.org> <9AFFF19E085F4FF375D44EF2@paul-schmehls-powerbook59.local>
next in thread | previous in thread | raw e-mail | index | archive | help
--RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2006 at 09:08:18PM -0600, Paul Schmehl wrote: > --On December 6, 2006 9:42:41 PM -0500 Kris Kennaway <kris@obsecurity.org= >=20 > wrote: >=20 > >On Wed, Dec 06, 2006 at 07:52:50PM -0600, john Mish III wrote: > >>I get this error message when I try to su to anything, either from root > >>or to root, and I don't know why. > >>$ su > >>su: not running setuid > > > >Somehow your su application lost its setuid bit. Instead of blinding > >chmodding it you may want to be careful and replace it with a known > >good binary in case someone overwrote it somehow. > > > Or he's been hacked, and he needs to proceed very cautiously.... That's what I was alluding to, yes. Files don't randomly lose setuid bits unless *something* is going on, although there are mundane explanations also. Kris --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFd4dSWry0BWjoQKURAjYZAKDpcBLV/aw5qzDZbrWY2oTycxniVgCgldjd 0NihEJpSiIIFelLUGSG47Bk= =SR1X -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061207031530.GA76587>