From owner-freebsd-security Tue Jun 25 01:46:19 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA03110 for security-outgoing; Tue, 25 Jun 1996 01:46:19 -0700 (PDT) Received: from sivka.rdy.com (sivka.rdy.com [205.149.182.19]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA03101; Tue, 25 Jun 1996 01:46:15 -0700 (PDT) Received: from dima@localhost by sivka.rdy.com id BAA10148; (8.7/RDY) Tue, 25 Jun 1996 01:33:06 -0700 (PDT) From: "Dima Ruban" Message-Id: <960625013305.ZM10146@sivka.rdy.com> Date: Tue, 25 Jun 1996 01:33:05 -0700 In-Reply-To: "JULIAN Elischer" "Re: I need help on this one - please help me track this guy down!" (Jun 24, 1:59pm) References: <199606242059.NAA01968@ref.tfs.com> Organization: HackerDome, Inc. X-Mailer: Z-Mail (4.0b.514 14may96) To: "JULIAN Elischer" , richardc@CSUA.Berkeley.EDU (Veggy Vinny) Subject: Re: I need help on this one - please help me track this guy down! Cc: mark@grumble.grondar.za, wilko@yedi.iaf.nl, jkh@time.cdrom.com, guido@gvr.win.tue.nl, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk On Jun 24, 1:59pm, JULIAN Elischer wrote: > Subject: Re: I need help on this one - please help me track this guy down! > > > > > > > > On Mon, 24 Jun 1996, Mark Murray wrote: > > > > > > > What do you get from strings(1)? (Long shot..) > > > > -rwsr-xr-x 1 root users 278528 Jun 18 04:01 root is from the dir > ^ DUH! > There was also the one that used rdist in daemon mode > to rdist itself a new copy of /etc/passwd (and friends) With rdist bug in daemon mode you were able to change permissions on any file. So you don't even have to copy password file.... :-) > > I haven't looked recently to see if that still works for FreeBSD.. > I last looked in 386BSD.. > > julian > > > >-- End of excerpt from JULIAN Elischer -- -- dima