Date:      Tue, 10 Jun 1997 23:21:41 +0200
From:      Peter Korsten <peter@grendel.IAEhv.nl>
To:        Yuang Shuang-Long <edward@FreeBSD.cs.nccu.edu.tw>
Cc:        freebsd-security@FreeBSD.ORG
Message-ID:  <19970610232141.02938@hw.nl>
In-Reply-To: <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw>; from Yuang Shuang-Long on Tue, Jun 10, 1997 at 10:54:54PM +0000
References:  <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw>

Yuang Shuang-Long shared with us:
> 	I have a trouble that some users use the following prog. to get
>   root privilege, and the more they do some destructive thing. (eg. 
>   delete some file /var/log/* :-( ) I need your help...
> 
> [code fragment deleted]

Perhaps I'm confused here, but I don't think this program could
do any harm, except when it's run as setuid root. So

	find / -user 0 -perm -04000

should give you all setuid root programs on the system. But doesn't
the daily security run complain about setuid programs that have
been added? Perhaps the solution would be to make a backup of your
/etc tree, reboot the system in single user mode, type

	find / -user 0 -perm -04000 | xargs chmod -s

reinstall the system and replace the /etc tree after checking for
obvious things like uids of 0 in the password file. Note that the
above method is very drastic and I suppose that a more-into-security
person has a more elegant solution. In other words, don't
try it.

- Peter
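
A read-only way to spot added setuid programs, in the spirit of the daily security check the message mentions. This is an added example, not part of the original message or of FreeBSD's own scripts; the function names, the baseline file and the optional UID argument (default 0, so the check can also be tried on files owned by another user) are assumptions.

```shell
#!/bin/sh
# Added example: compare the current set of setuid files against a saved
# baseline. Nothing is modified; the script only lists and compares.
# Paths containing newlines are not handled (one path per line is assumed).

# list_setuid DIR [UID]
# Print, sorted, every regular file under DIR that is owned by UID
# (default 0 = root) and has the setuid bit set. -xdev keeps find on one
# filesystem so network or removable mounts are not walked by accident.
list_setuid() {
    find "$1" -xdev -type f -user "${2:-0}" -perm -04000 -print 2>/dev/null |
        LC_ALL=C sort
}

# audit_setuid DIR BASELINE [UID]
# BASELINE is a file written earlier with list_setuid on a known-good system.
# Prints "+ path" for setuid files that are new since the baseline and
# "- path" for baseline entries that no longer qualify.
# Returns 0 when nothing changed, 1 when anything differs, 2 on setup failure.
audit_setuid() {
    cur=$(mktemp) || return 2
    list_setuid "$1" "${3:-0}" > "$cur"
    added=$(LC_ALL=C comm -13 "$2" "$cur")   # only in the current listing
    gone=$(LC_ALL=C comm -23 "$2" "$cur")    # only in the baseline
    rm -f "$cur"
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/^/+ /'
    fi
    if [ -n "$gone" ]; then
        printf '%s\n' "$gone" | sed 's/^/- /'
    fi
    [ -z "$added$gone" ]
}
```

Write the baseline with `list_setuid / > FILE` while the system is known to be clean and keep it somewhere the users in question cannot write to; every "+" line from a later `audit_setuid / FILE` run is a setuid root file that was not there before.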


