Date: Tue, 30 Dec 1997 16:19:47 -0800 From: "Eric C. S. Dynamic" <ecsd@transbay.net> To: isp@freebsd.org, security@freebsd.org Cc: "Wut!?" <geniusj@bsd.dialup.bestweb.net> Subject: Re: Two sources for system-cracking tools Message-ID: <34A98FA3.42877E5C@transbay.net> References: <Pine.BSF.3.96.971230113812.10278A-100000@seidata.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike wrote: > On Tue, 30 Dec 1997, Wut!? wrote: > > Yeah, Rootshell.com isn't very good with his information, and there is a > > very simple explanation why .. (He runs linux!).. > > [...]- saying "He runs linux" is an > explanation for poor logic is like saying [...] He (rootshell) got the data from somewhere, maybe it's wrong. No point in being bigoted against Linux. When I justify choosing FreeBSD over Linux I just tell people it's real BSD and that it has a reputation for being more robust, that we use it and there's only one kind. And I don't care to learn about another sorta-similar, sort-different system unless I have to (no time.) Meanwhile, I reported those two sources for hacker-stuff out as a notice (what land doc said of itself) and a question (does teardrop work if you're not using the firewall.) Someone hacked our system by creating an executable suid-root copy of /bin/sh in /tmp, and this is the second time someone's been able to do that, this time I discovered it about 12 minutes after the file was created, but I'd like to know "how they do that" and I'd like to plug the hole. The user I axed had a dozen-plus hack'em crack'em thingys lying around, for experimentation. Maybe one of them works, but which one? A lot of them try to manipulate the stack at a machine level, apparently. If the suid-root /bin/sh in /tmp rings a bell, let me know a countermeasure. Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34A98FA3.42877E5C>