From: Landon Stewart
Date: Tue, 04 Dec 2001 12:57:39 -0800
To: Alfred Perlstein, David
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: su to root without passwd (you are hacked)

OR the username you are su'ing from already has a uid of 0. su'ing from a username with a uid of 0 would not ask for a password, it would simply start a new shell.



At 01:52 PM 12/4/2001 -0600, Alfred Perlstein wrote:
>* David <habeeb@cfl.rr.com> [011204 13:41] wrote:
> > No, su without a password for root is not an AI feature where freebsd
> > remembers your password.  The difference between your 2 boxes seems to be
> > clear, 1 of them (the one which does not ask for a password) has some
> > backdoors/trojans on it from a novice script kiddie who has compromised your
> > box.  Your 2nd box could as well be compromised.
>
>Either that or somehow the root password has been nulled out by accident.
>Or, the user doing the su'ing somehow has a uid of 0 already.
>
>--
>-Alfred Perlstein [alfred@freebsd.org]
>'Instead of asking why a piece of software is using "1970s technology,"
> start asking why software is ignoring 30 years of accumulated wisdom.'
>                           http://www.morons.org/rants/gpl-harmful.php3
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

---
Landon Stewart
System Administrator
Uniserve Online
landons@uniserve.com
Telephone: (604) 856-6281 ext 399
Toll Free: (877) UNI-Serve ext 399


Right of Use Disclaimer:
"The sender intends this message for a specific recipient and, as it may contain information that is privileged or confidential, any use, dissemination, forwarding, or copying by anyone without permission from the sender is prohibited. Personal e-mail may contain views that are not necessarily those of the company."
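The two causes raised in this thread besides a compromise (an account that already has uid 0, or an empty root password field) can be checked directly against the password database. The script below is an added example, not part of the original messages; the function names, the constructed sample accounts, and the choice of `root` and `toor` as the only expected uid 0 accounts are assumptions.

```shell
#!/bin/sh
# Added example: flag accounts that would let su reach root without a password.
# Input layout is FreeBSD master.passwd(5):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# Assumption: root and toor are the only accounts expected to have uid 0.
# Usage on a live system (as root): audit_uid0 /etc/master.passwd
audit_uid0() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 10 {                             # wrong field count: hand-edited or damaged entry
            printf "MALFORMED line=%d fields=%d\n", NR, NF; bad = 1; next
        }
        $2 == "" {                             # empty password field: no password is asked for
            printf "EMPTY_PASSWORD user=%s uid=%s\n", $1, $3; bad = 1
        }
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" && $1 != "toor" {
            printf "EXTRA_UID0 user=%s shell=%s\n", $1, $10; bad = 1
        }
        END { exit bad + 0 }                   # status 1 if anything was flagged
    ' "${1:--}"                                # no argument: read standard input
}

# Constructed sample, not taken from the thread: one extra uid 0 account
# (maint) and one account with an empty password field (guest).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample entries
root:$6$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
maint:$6$constructedhash:0:0::0:0:Maintenance:/home/maint:/bin/sh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
EOF
}

# Demo run over the constructed sample.
sample_master_passwd | audit_uid0 || true
```

A clean result does not rule out a compromise; it only excludes the two configuration causes named in the replies.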