Date: Sat, 27 Jan 1996 12:46:07 -0800 (PST)
From: dhawk@netcom.com (David H)
To: bugs@freebsd.org
Subject: Not Exactly a Bug, but a Crack
Message-ID: <199601272046.MAA28965@netcom13.netcom.com>

Didn't want to publicize this too widely, so thought I'd try this email address.

I have a conferencing system of 300 users. Upgraded the binaries to 2.1 in December, but couldn't boot off the generic 2.1 kernel. Finally got it to boot on a compiled 2.1 kernel on Thursday.

On Wednesday, the day before, the security script reported that my /usr/sbin/sendmail had been replaced. It was still suid-root and now setgid kmem. My cd-rom drive on the machine is broken, so I haven't been able to replace it yet.

I checked COPS and got the same three items it reported in November and December:

1. doesn't like the 'toor' account (second root account),
2. /etc/security is readable (but only to group wheel), and
3. /var/spool/uucppublic is world-writeable (but nobody's written to it).

Is there anything else I can do to secure the system? Also, can I download a good copy of the sendmail binary from anywhere? I want a good sendmail before I ask everyone to change their password. (My guess is that this binary is using the setgid kmem to watch for passwords in the kernel?)

All advice greatly appreciated.

later, david
--
David Hawkins - dhawk@netcom.com - DoD#1113
There are two insults no human being will endure: that he has no sense of humor, and that he has never known trouble. -- Sinclair Lewis, "Main Street"
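Added example, not part of the original message and not FreeBSD's own security script: a minimal baseline check of the kind that would flag the change reported above, a setuid binary whose contents changed and which gained a setgid bit and a new group. The function names, the sample records and the numeric group ids are assumptions constructed for illustration.

```python
import hashlib
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID

def snapshot(root):
    """Record (mode, uid, gid, sha256) for each setuid/setgid regular file under root."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                snap[path] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, digest)
    return snap

def compare(baseline, current):
    """Return (path, finding) pairs for each difference between two snapshots."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "new setuid/setgid file"))
        elif new is None:
            findings.append((path, "missing or no longer setuid/setgid"))
        else:
            if new[3] != old[3]:
                findings.append((path, "contents changed"))
            if new[0] & SPECIAL & ~old[0]:
                findings.append((path, "gained setuid/setgid bit: %04o -> %04o" % (old[0], new[0])))
            if new[1:3] != old[1:3]:
                findings.append((path, "owner/group changed: %d:%d -> %d:%d" % (old[1:3] + new[1:3])))
    return findings

# Constructed sample records (not data from the message): a setuid-root
# binary that was replaced and is now also setgid with a different group.
# The gid values 7 and 2 are placeholders.
BASELINE = {"/usr/sbin/sendmail": (0o4555, 0, 7, hashlib.sha256(b"original").hexdigest())}
CURRENT = {"/usr/sbin/sendmail": (0o6555, 0, 2, hashlib.sha256(b"replaced").hexdigest())}

if __name__ == "__main__":
    for path, finding in compare(BASELINE, CURRENT):
        print(path, finding)
```

Keep the baseline on read-only or off-host media, since an intruder with root can rewrite a baseline stored on the same machine.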