From owner-freebsd-hackers Mon Aug 4 08:11:56 1997
Date: Mon, 4 Aug 1997 09:49:56 +0000 (GMT)
From: "Lenzi, Sergio"
Reply-To: "Lenzi, Sergio"
To: Tom Samplonius
cc: Dan Riley, hackers@freebsd.org
Subject: Re: security hole on FreeBSD 2.2.2
Sender: owner-freebsd-hackers@freebsd.org

On Fri, 1 Aug 1997, Tom Samplonius wrote:

> Huh? I'm looking at /usr/bin/ on couple of 2.2.2 machines and there is
> no superl*... what is that file supposed to be anyhow?
>
> Are you sure you did not install from a tainted distribution that had a
> backdoor installed? Or, were you fooled in running a trojan horse as root
> and it created the superl* file?
>

I think not, an ls -al from the /cdrom/usr/bin | grep perl (WC second cd)
shows....

-r-xr-xr-x  2 bin   bin  307200 May 20 10:32 curseperl
-r-xr-xr-x  2 bin   bin  274432 May 20 10:32 perl
---s--x--x  4 root  bin  282624 May 20 10:32 sperl4.036
---s--x--x  4 root  bin  282624 May 20 10:32 suidperl
-r-xr-xr-x  4 bin   bin  282624 May 20 10:32 tperl
-r-xr-xr-x  4 bin   bin  282624 May 20 10:32 tperl4.036

The program in question is superl4.036.

Sergio Lenzi.