From owner-freebsd-bugs Sat Jan 27 12:46:47 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA00281 for bugs-outgoing; Sat, 27 Jan 1996 12:46:47 -0800 (PST) Received: from netcom13.netcom.com (dhawk@netcom13.netcom.com [192.100.81.125]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id MAA00274 for ; Sat, 27 Jan 1996 12:46:45 -0800 (PST) Received: by netcom13.netcom.com (8.6.12/Netcom) id MAA28965; Sat, 27 Jan 1996 12:46:07 -0800 From: dhawk@netcom.com (David H) Message-Id: <199601272046.MAA28965@netcom13.netcom.com> Subject: Not Exactly a Bug, but a Crack To: bugs@freebsd.org Date: Sat, 27 Jan 1996 12:46:07 -0800 (PST) X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-bugs@freebsd.org Precedence: bulk Didn't want to publicize this too widely, so thought I'd try this email address. I have a conferencing system of 300 users. Upgraded the binaries to 2.1 in December, but couldn't boot off the generic 2.1 kernel. Finally got it to boot on a compiled 2.1 kernel on Thursday. On Wednesday, the day before, the security script reported that my /usr/sbin/sendmail had been replaced. It was still suid-root and now setgid kmem. My cd-rom drive on the machine is broken, so I haven't been able to replace it yet. I check COPS and got the same three items it reported in November and December: 1. doesn't like the 'toor' account (second root account), 2. /etc/security is readable (but only to group wheel), and 3. /var/spool/uucppublic is world-writeable (but nobody's written to it). Is there anything else I can do to secure the system? Also, can I download a good copy of the sendmail binary from anywhere? I want a good sendmail before I ask everyone to change their password. (My guess is that this binary is using the setgid kmem to watch for passwords in the kernel?) All advice greatly appreciated. later, david -- David Hawkins - dhawk@netcom.com - DoD#1113 There are two insults no human being will endure: that he has no sense of humor, and that he has never known trouble. -- Sinclair Lewis, "Main Street"