Date:      Mon, 24 Jun 1996 17:51:57 -0400 (EDT)
From:      Matthew Jason White <mwhite+@CMU.EDU>
To:        Veggy Vinny <richardc@CSUA.Berkeley.EDU>
Cc:        Mark Murray <mark@grumble.grondar.za>, Wilko Bulte <wilko@yedi.iaf.nl>, "Jordan K. Hubbard" <jkh@time.cdrom.com>, guido@gvr.win.tue.nl, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org
Subject:   Re: I need help on this one - please help me track this guy down!
Message-ID:  <4lnkrxe00YUpQCvVNx@andrew.cmu.edu>
In-Reply-To: <199606242043.WAA06435@grumble.grondar.za>
References:  <199606242043.WAA06435@grumble.grondar.za>

Excerpts from freebsd-security: 24-Jun-96 Re: I need help on this one..
by Mark Murray@grondar.za 
>      | This is a setuid prog. The program is owned by root, and is
>        SETUID, therefore it will run as if it were root. It is
>        probably a shell (bash, sh, csh) renamed to root and setuid.
>        "chmod 755 root" will cut it down to size.

I think perhaps a better question to be asking is how this guy got a
suid shell on that system.  It could have been a booby-trapped program
that got run as root, but one would hope that such a chintzy method
wouldn't work on most systems.


-Matt

-----
Matt White
Email: mwhite+@cmu.edu		http://www.cs.cmu.edu/afs/cs/user/mwhite/www/
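
The check implied by the quoted advice, as an added example that is not part of the original thread: find setuid files that are byte-for-byte copies of a login shell, then clear the bit with the quoted "chmod 755". The function names are hypothetical, and the shell list is assumed to come from /etc/shells plus /bin/sh.

```shell
#!/bin/sh
# Added example (not from the thread): detect a shell that was copied under
# another name and made setuid, as the quoted reply describes.

# Print candidate shells: entries in /etc/shells (if readable) plus /bin/sh.
known_shells() {
    {
        if [ -r /etc/shells ]; then
            grep '^/' /etc/shells || true
        fi
        echo /bin/sh
    } | sort -u
}

# Succeed if "$1" is a regular file with the setuid bit (mode 4000) set.
is_setuid() {
    [ -n "$(find "$1" -prune -type f -perm -4000 2>/dev/null)" ]
}

# Print the shell that "$1" is an identical copy of; fail if none matches.
shell_copy_of() {
    for s in $(known_shells); do
        if [ -f "$s" ] && cmp -s "$1" "$s"; then
            echo "$s"
            return 0
        fi
    done
    return 1
}

# Walk a tree (staying on one filesystem) and report setuid shell copies.
audit_tree() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        if orig=$(shell_copy_of "$f"); then
            echo "SUID-SHELL $f (copy of $orig)"
        fi
    done
}

# Clear the setuid/setgid bits, which is the effect of the quoted "chmod 755".
defuse() {
    chmod 755 "$1"
}
```

Run `audit_tree /` as root to cover directories ordinary users cannot read; a hit only shows the file exists, so how it got there still has to be traced separately.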



