Date: Mon, 24 Jun 1996 20:04:05 -0400 (EDT)
From: Matthew Jason White <mwhite+@CMU.EDU>
Cc: hackers@FreeBSD.org, security@FreeBSD.org, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net>
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <0lnmnpy00YUp8Ea2EM@andrew.cmu.edu>
In-Reply-To: <Pine.BSF.3.91.960624165238.21697L-100000@mercury.gaianet.net>
References: <Pine.BSF.3.91.960624165238.21697L-100000@mercury.gaianet.net>

Excerpts from freebsd-security: 24-Jun-96 Re: I need help on this one.. by -Vince-@mercury.gaianet.
> 	Yeah, that's the real question is like if he can transfer the
> binary from another machine and have it work... other people can do the
> same thing and gain access to FreeBSD boxes as root as long as they have
> an account on that machine...

That shouldn't be possible. FreeBSD wouldn't allow the transfer program
to assign root ownership to a program unless that program is run as
root. The programs typically run on a FreeBSD system as root do not
assign ownership in this way. This guy must've gotten root some other
way and then created the shell so that he could get root again in the
future.

You probably want to change the security script so that it points out
ALL suid programs in /usr/home, /tmp, /var/tmp and /usr/tmp, or any
other publicly writeable area.

Are you running inn1.4 on this system? If so, you should probably
upgrade to inn-1.4uoff4 (this port should prolly be upgraded, if someone
hasn't already).

-Matt

-----
Matt White
Email: mwhite+@cmu.edu
http://www.cs.cmu.edu/afs/cs/user/mwhite/www/
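
The check suggested in the message above, as an added example that is not part of the original e-mail or of FreeBSD's own security script: it lists every set-id regular file under the named directories, and goes slightly beyond the message by reporting setgid as well as setuid files. The function names and the RUN_SCAN variable are hypothetical.

```shell
#!/bin/sh
# Added example: report set-id files in user-writable areas.
# The directory list is the one named in the message; pass other
# directories as arguments to the functions to scan elsewhere.
DEFAULT_DIRS="/usr/home /tmp /var/tmp /usr/tmp"

# find_setid DIR...  (hypothetical helper)
# Print the path of every regular file under DIR that has the setuid
# or setgid bit set, one path per line.
find_setid() {
    for dir in "$@"; do
        # Skip directories that do not exist on this host.
        [ -d "$dir" ] || continue
        # -xdev keeps the walk on one filesystem.
        # -perm -4000 matches setuid, -perm -2000 matches setgid.
        # Unreadable subdirectories are skipped instead of aborting.
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -print 2>/dev/null || true
    done
}

# report_setid DIR...  (hypothetical helper)
# Print an ls -l line per hit so that owner, group and mode are visible;
# a root-owned setuid file in a home or temp directory is the case
# described in the message.
report_setid() {
    find_setid "$@" | while IFS= read -r f; do
        ls -ld "$f"
    done
}

# RUN_SCAN is a hypothetical switch: set RUN_SCAN=1 to scan the default
# directories when this file is executed directly.
if [ "${RUN_SCAN:-0}" = 1 ]; then
    report_setid $DEFAULT_DIRS
fi
```

Run it from the nightly security job and compare the report against the previous run, so that a newly appearing file stands out.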