From owner-freebsd-security Tue Dec 4 11:52:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [216.33.66.196]) by hub.freebsd.org (Postfix) with ESMTP id DBAE037B416 for ; Tue, 4 Dec 2001 11:52:15 -0800 (PST) Received: by elvis.mu.org (Postfix, from userid 1192) id 9493F81D01; Tue, 4 Dec 2001 13:52:15 -0600 (CST) Date: Tue, 4 Dec 2001 13:52:15 -0600 From: Alfred Perlstein To: David Cc: freebsd-security@FreeBSD.ORG Subject: Re: su to root without passwd (you are hacked) Message-ID: <20011204135215.P92148@elvis.mu.org> References: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu> <002f01c17cf3$3f75b3a0$ff7e2341@mercenary> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>; from habeeb@cfl.rr.com on Tue, Dec 04, 2001 at 01:41:12PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * David [011204 13:41] wrote: > No, su without a password for root is not an AI feature where freebsd > remembers your password. The difference between your 2 boxes seems to be > clear, 1 of them (the one which does not ask for a password) has some > backdoors/trojans on it from a novice script kiddie who has compromised your > box. Your 2nd box could as well be compromised. Either that or somehow the root password has been nulled out by accident. Or, the user doing the su'ing somehow has a uid of 0 already. -- -Alfred Perlstein [alfred@freebsd.org] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' http://www.morons.org/rants/gpl-harmful.php3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message