Date: Fri, 17 Dec 2004 17:08:33 +0100 (CET)
From: Richard Kojedzinszky <krichy@tvnetwork.hu>
To: Jerry Bell <jerry@syslog.org>
In-Reply-To: <2641.209.134.164.137.1103298695.squirrel@209.134.164.137>
Message-ID: <Pine.LNX.4.58.0412171706020.14819@krichy.tvnetwork.hu>
References: <2641.209.134.164.137.1103298695.squirrel@209.134.164.137>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-security@freebsd.org
Subject: re: Strange command histories in hacked shell server

Dear all,

If you do su, uid and euid change together. But when you issue passwd, a
setuid-root program, uid remains your uid; that is how passwd knows who is
executing it.

Kojedzinszky Richard
TvNetWork Rt.
E-mail: krichy@tvnetwork.hu
PGP: 0x24E79141
  Fingerprint = 6847 ECFF EF58 0C09 18A5  16CF 270F 0C6F 24E7 9141

On Fri, 17 Dec 2004, Jerry Bell wrote:

> Did I understand correctly, that anyone can connect to the shell server
> and create an account for themselves?
>
> I have a somewhat rudimentary hardening guide for FreeBSD at
> http://www.syslog.org/Content-5-4.phtml
> I've tried to keep it up-to-date, but I have yet to incorporate MAC, which
> I think will help out a good bit more.
>
> I hope you find this useful.
>
> Jerry
> http://www.syslog.org
>
> Ganbold <ganbold <at> micom.mng.net> wrote:
> >Please give me some advice and info regarding this kind of hack.
> >What should I do in order to secure my shell server? I mean except
> >securelevel, unneeded services etc.
> >Can somebody give me some hints on file and directory permissions?
> >Is there anybody who has similar server config and already had such issues
> >and problems?
>
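
Added example, not part of the original messages: the real/effective uid distinction described in the reply above, applied to a process listing to find setuid programs and the user who invoked them. The listing is constructed sample data in an assumed "PID RUID EUID COMMAND" layout, and the names `find_setuid_procs` and `struct hit` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct hit { int pid; uid_t invoker; uid_t runs_as; char comm[32]; };

/* Constructed sample, columns: PID RUID EUID COMMAND. */
static const char SAMPLE[] =
    "PID RUID EUID COMMAND\n"
    "812 1001 1001 tcsh\n"    /* login shell of uid 1001 */
    "845 1001 0 passwd\n"     /* setuid root: euid 0, real uid still 1001 */
    "901 0 0 tcsh\n"          /* shell started through su: both uids are 0 */
    "930 0 0 passwd\n";       /* passwd run from the su shell: invoker is 0 */

/* Collect processes whose real and effective uid differ. The real uid
 * identifies the invoking user, the effective uid the privilege in use. */
int find_setuid_procs(const char *listing, struct hit *out, int max)
{
    int n = 0;
    const char *p = listing;
    while (*p && n < max) {
        char line[128], comm[32];
        unsigned ruid, euid;
        int pid;
        size_t len = strcspn(p, "\n");
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            /* Header and malformed lines do not yield four fields. */
            if (sscanf(line, "%d %u %u %31s", &pid, &ruid, &euid, comm) == 4
                && ruid != euid) {
                out[n].pid = pid;
                out[n].invoker = (uid_t)ruid;
                out[n].runs_as = (uid_t)euid;
                strcpy(out[n].comm, comm);
                n++;
            }
        }
        p += len;
        if (*p == '\n') p++;
    }
    return n;
}

int main(void)
{
    struct hit h[8];
    int n = find_setuid_procs(SAMPLE, h, 8);
    printf("this process: uid=%u euid=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    for (int i = 0; i < n; i++)
        printf("pid %d %s: invoked by uid %u, running as uid %u\n", h[i].pid,
               h[i].comm, (unsigned)h[i].invoker, (unsigned)h[i].runs_as);
    return 0;
}
```

Only pid 845 is reported: after su the uid pair is 0/0, so processes started from that shell no longer carry the original user's uid.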