From owner-freebsd-questions@FreeBSD.ORG Thu Dec 7 03:15:52 2006 Return-Path: <owner-freebsd-questions@FreeBSD.ORG> X-Original-To: questions@FreeBSD.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2FB1516A403 for <questions@FreeBSD.org>; Thu, 7 Dec 2006 03:15:52 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id CA9E443CA6 for <questions@FreeBSD.org>; Thu, 7 Dec 2006 03:15:02 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 93E0F1A3C19; Wed, 6 Dec 2006 19:15:51 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id BB9155138A; Wed, 6 Dec 2006 22:15:30 -0500 (EST) Date: Wed, 6 Dec 2006 22:15:30 -0500 From: Kris Kennaway <kris@obsecurity.org> To: Paul Schmehl <pauls@utdallas.edu> Message-ID: <20061207031530.GA76587@xor.obsecurity.org> References: <BAY115-F332E6015760CD2256C6958BCDC0@phx.gbl> <20061207024240.GA75975@xor.obsecurity.org> <9AFFF19E085F4FF375D44EF2@paul-schmehls-powerbook59.local> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1" Content-Disposition: inline In-Reply-To: <9AFFF19E085F4FF375D44EF2@paul-schmehls-powerbook59.local> User-Agent: Mutt/1.4.2.2i Cc: questions@FreeBSD.org, john Mish III <jmanfffreak@hotmail.com>, Kris Kennaway <kris@obsecurity.org> Subject: Re: su to root denied? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions <freebsd-questions.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions> List-Post: <mailto:freebsd-questions@freebsd.org> List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=subscribe> X-List-Received-Date: Thu, 07 Dec 2006 03:15:52 -0000 --RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2006 at 09:08:18PM -0600, Paul Schmehl wrote: > --On December 6, 2006 9:42:41 PM -0500 Kris Kennaway <kris@obsecurity.org= >=20 > wrote: >=20 > >On Wed, Dec 06, 2006 at 07:52:50PM -0600, john Mish III wrote: > >>I get this error message when I try to su to anything, either from root > >>or to root, and I don't know why. > >>$ su > >>su: not running setuid > > > >Somehow your su application lost its setuid bit. Instead of blinding > >chmodding it you may want to be careful and replace it with a known > >good binary in case someone overwrote it somehow. > > > Or he's been hacked, and he needs to proceed very cautiously.... That's what I was alluding to, yes. Files don't randomly lose setuid bits unless *something* is going on, although there are mundane explanations also. Kris --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFd4dSWry0BWjoQKURAjYZAKDpcBLV/aw5qzDZbrWY2oTycxniVgCgldjd 0NihEJpSiIIFelLUGSG47Bk= =SR1X -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1--