From owner-freebsd-security  Mon Jul 28 15:31:26 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA08197
          for security-outgoing; Mon, 28 Jul 1997 15:31:26 -0700 (PDT)
Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA08186
          for <security@FreeBSD.ORG>; Mon, 28 Jul 1997 15:31:19 -0700 (PDT)
Received: from localhost (vince@localhost)
	by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id PAA06464;
	Mon, 28 Jul 1997 15:31:13 -0700 (PDT)
Date: Mon, 28 Jul 1997 15:31:12 -0700 (PDT)
From: Vincent Poy <vince@mail.MCESTATE.COM>
To: "Jonathan A. Zdziarski" <jonz@netrail.net>
cc: security@FreeBSD.ORG, JbHunt <johnnyu@accessus.net>,
        "[Mario1-]" <mario1@PrimeNet.Com>
Subject: Re: security hole in FreeBSD
In-Reply-To: <Pine.BSF.3.95q.970728155311.12468B-100000@netrail.net>
Message-ID: <Pine.BSF.3.95.970728153031.3844O-100000@mail.MCESTATE.COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 28 Jul 1997, Jonathan A. Zdziarski wrote:

=)I'm a little paranoid, as somebody hacked our syste about a month ago and
=)said he would do it again.  Where is the source code for /bin/login?  I've
=)checked /usr/src, the only thing I find is
=)/usr/src/contrib/cvs/src/login.c and contrib/opie/libopie/login.c, but
=)that doesn't seem right.

	Did you ever track it down how they replaced the /bin/login?


Cheers,
Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]  
Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]