Date: Fri, 17 Dec 2004 17:08:33 +0100 (CET)
From: Richard Kojedzinszky
To: Jerry Bell
Cc: freebsd-security@freebsd.org
Subject: re: Strange command histories in hacked shell server

Dear all,

If you do su, uid and euid change together. But when you issue passwd, a
setuid root, uid remains your uid, that is where passwd knows who is
executing it.

Kojedzinszky Richard
TvNetWork Rt.
E-mail: krichy@tvnetwork.hu
PGP: 0x24E79141
Fingerprint = 6847 ECFF EF58 0C09 18A5 16CF 270F 0C6F 24E7 9141

On Fri, 17 Dec 2004, Jerry Bell wrote:
> Did I understand correctly, that anyone can connect to the shell server
> and create an account for themselves?
>
> I have a somewhat rudimentary hardening guide for FreeBSD at
> http://www.syslog.org/Content-5-4.phtml
> I've tried to keep it up-to-date, but I have yet to incorporate MAC, which
> I think will help out a good bit more.
>
> I hope you find this useful.
>
> Jerry
> http://www.syslog.org
>
> Ganbold micom.mng.net> wrote:
> >Please give me some advice and info regarding this kind of hack.
> >What should I do in order to secure my shell server? I mean except
> >securelevel, unneeded services etc.
> >Can somebody give me some hints on file and directory permissions?
> >Is there anybody who has similar server config and already had such issues
> >and problems?
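
The real-versus-effective uid distinction described in the reply above can be checked on a live system by comparing the `user` (effective) and `ruser` (real) columns of `ps`. The following is an added example, not part of the original thread; the function names and the sample process table are constructed, and the input is assumed to come from `ps -axo user,ruser,pid,comm`.

```shell
#!/bin/sh
# Added illustration; not code from the mailing-list thread.
# Constructed sample in the layout of `ps -axo user,ruser,pid,comm`:
# column 1 = effective user, column 2 = real user.
sample_ps() {
cat <<'EOF'
USER     RUSER      PID COMMAND
root     root       412 sshd
alice    alice     2301 sh
root     alice     2377 passwd
root     root      2390 sh
bob      bob       2410 vi
EOF
}

# classify_ids (hypothetical helper): read ps output on stdin and label
# each process. When effective and real user differ, the process was
# started through a setuid executable and the real user still names the
# account that invoked it. When both match (as after su), the ids no
# longer show which account started the process.
classify_ids() {
    awk 'NR == 1 { next }    # skip the header row
         $1 != $2 { printf "%s %s setuid-exec invoked-by=%s runs-as=%s\n", $3, $4, $2, $1; next }
         { printf "%s %s same-ids user=%s\n", $3, $4, $1 }'
}

# setuid_invokers (hypothetical helper): print "invoker:command" for the
# setuid-exec processes only.
setuid_invokers() {
    classify_ids | awk '$3 == "setuid-exec" { sub(/^invoked-by=/, "", $4); print $4 ":" $2 }'
}

# Run against the constructed sample when executed directly.
sample_ps | classify_ids
```

On a real host, replace `sample_ps` with `ps -axo user,ruser,pid,comm`. The root `sh` at pid 2390 in the sample shows why a shell obtained through su has to be attributed from other records, since both of its ids are root.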