Date: Tue, 10 Jun 1997 23:21:41 +0200
From: Peter Korsten <peter@grendel.IAEhv.nl>
To: Yuang Shuang-Long <edward@FreeBSD.cs.nccu.edu.tw>
Cc: freebsd-security@FreeBSD.ORG
Message-ID: <19970610232141.02938@hw.nl>
In-Reply-To: <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw>; from Yuang Shuang-Long on Tue, Jun 10, 1997 at 10:54:54PM +0000
References: <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw>

Yuang Shuang-Long shared with us:

> I have a trouble that some users use the following prog. to get
> root privilege, and the more they do some destructive thing. (eg.
> delete some file /var/log/* :-( ) I need your help...
>
> [code fragment deleted]

Perhaps I'm confused here, but I don't think this program could do any harm, except when it's run as setuid root. So

    find / -user 0 -perm -04000

should give you all setuid root programs on the system. But doesn't the daily security run complain about setuid programs that have been added?

Perhaps the solution would be to make a backup of your /etc tree, reboot the system in single user mode, type

    find / -user 0 -perm -04000 | xargs chmod -s

reinstall the system and replace the /etc tree after checking for obvious things like uid's of 0 in the password file.

Note that the above method is very drastic and I suppose that a more-into-security person has a more elegant solution. In other words, don't try it.

- Peter
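
The check for added setuid programs mentioned in the message, written out as an added example (not part of the original message and not FreeBSD's own daily security script). The function names, the baseline path in the usage comment and the optional owner-uid argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report setuid files that are missing from a saved baseline.
# The owner uid defaults to 0 (root), as in the message's find command; it is
# an argument only so the check can be exercised on constructed files without
# being root.

# list_suid DIR [OWNER_UID]
# Print, sorted, every regular file under DIR that is owned by OWNER_UID and
# has the setuid bit set. Same predicate as "find / -user 0 -perm -04000",
# restricted to regular files.
list_suid() {
    find "$1" -type f -user "${2:-0}" -perm -04000 -print 2>/dev/null |
        LC_ALL=C sort
}

# new_suid BASELINE DIR [OWNER_UID]
# Print the setuid files that exist now but are not listed in BASELINE
# (a file previously written by list_suid). Empty output means nothing new.
# Paths containing newlines are not handled.
new_suid() {
    current=$(mktemp) || return 1
    list_suid "$2" "${3:-0}" > "$current"
    # comm -13 keeps only lines unique to the second (current) list.
    LC_ALL=C comm -13 "$1" "$current"
    rm -f "$current"
}

# Usage as root (baseline path is hypothetical):
#   list_suid / > /var/db/suid.baseline     # once, on a known-good system
#   new_suid /var/db/suid.baseline /        # later, to see what was added
```

Keep the baseline somewhere an intruder with root cannot quietly rewrite it (read-only media or another host), since the comparison is only as trustworthy as the saved list.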