Date:      Tue, 04 Dec 2001 12:57:39 -0800
From:      Landon Stewart <landons@uniserve.com>
To:        Alfred Perlstein <bright@mu.org>, David <habeeb@cfl.rr.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: su to root without passwd (you are hacked)
Message-ID:  <5.1.0.14.0.20011204125646.02d96008@pop.uniserve.com>
In-Reply-To: <20011204135215.P92148@elvis.mu.org>
References:  <002f01c17cf3$3f75b3a0$ff7e2341@mercenary> <003901c17cdb$8eec7df0$04e3a8c0@beco.hu> <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>


OR the username you are su'ing from already has a uid of 0.  su'ing
from a username with a uid of 0 would not ask for a password, it would
simply start a new shell.



At 01:52 PM 12/4/2001 -0600, Alfred Perlstein wrote:
>* David <habeeb@cfl.rr.com> [011204 13:41] wrote:
> > No, su without a password for root is not an AI feature where freebsd
> > remembers your password.  The difference between your 2 boxes seems to be
> > clear, 1 of them (the one which does not ask for a password) has some
> > backdoors/trojans on it from a novice script kiddie who has compromised
> > your box.  Your 2nd box could as well be compromised.
>
>Either that or somehow the root password has been nulled out by accident.
>Or, the user doing the su'ing somehow has a uid of 0 already.
>
>--
>-Alfred Perlstein [alfred@freebsd.org]
>'Instead of asking why a piece of software is using "1970s technology,"
>  start asking why software is ignoring 30 years of accumulated wisdom.'
>                            http://www.morons.org/rants/gpl-harmful.php3
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

---
Landon Stewart
System Administrator
Uniserve Online
landons@uniserve.com
Telephone: (604) 856-6281 ext 399
Toll Free: (877) UNI-Serve ext 399


Right of Use Disclaimer:
"The sender intends this message for a specific recipient and, as it may 
contain information that is privileged or confidential, any use, 
dissemination, forwarding, or copying by anyone without permission from the 
sender is prohibited. Personal e-mail may contain views that are not 
necessarily those of the company."
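
The two non-compromise explanations raised in this thread (an account other than root that already has uid 0, or a root password that has been nulled out) can be checked directly against the password database. The sh/awk audit below is an added example, not part of the original message; the function names and the sample entries are constructed for illustration, and it assumes FreeBSD's master.passwd field order (name:password:uid:...).

```shell
#!/bin/sh
# Added example: audit a master.passwd-format file for the two conditions
# discussed in this thread that let su(1) succeed without a password prompt.

# Constructed sample data (not from a real host). The hash strings are
# placeholders. root has an empty password field; "helper" is an extra
# uid 0 account; "toor" is the stock FreeBSD alternate root entry, which
# ships with a locked ("*") password.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample in master.passwd layout
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$constructed$placeholderhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
helper:$1$constructed$placeholderhash:0:0::0:0:Helper:/home/helper:/bin/sh
EOF
}

# audit_su_bypass [FILE]
# Reads FILE (or stdin when no FILE is given) and prints one finding per line:
#   UID0 <name> locked|usable   account other than root whose uid is 0
#   EMPTYPW <name>              uid 0 account with an empty password field
audit_su_bypass() {
    awk -F: '
        /^[ \t]*#/ || NF < 3 { next }        # skip comments and short lines
        $3 !~ /^0+$/         { next }        # only uid 0 entries matter here
        $1 != "root" {
            # A password field starting with "*" cannot be logged in to,
            # so nobody can be "su-ing from" that account interactively.
            state = ($2 ~ /^\*/) ? "locked" : "usable"
            printf "UID0 %s %s\n", $1, state
        }
        $2 == "" { printf "EMPTYPW %s\n", $1 }
    ' "${1:--}"
}

# Stand-alone run against the constructed sample.
sample_master_passwd | audit_su_bypass
```

On a live system, run `audit_su_bypass /etc/master.passwd` as root. Any "usable" UID0 line or any EMPTYPW line explains a password-less su, but it does not by itself say whether the entry got there by accident or through a compromise.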
