From owner-freebsd-security Wed Jul 22 09:36:41 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA04212 for freebsd-security-outgoing; Wed, 22 Jul 1998 09:36:41 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA04133 for ; Wed, 22 Jul 1998 09:36:19 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.8) id KAA06020; Wed, 22 Jul 1998 10:35:54 -0600 (MDT) Message-Id: <199807221635.KAA06020@lariat.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 22 Jul 1998 10:35:51 -0600 To: "Jordan K. Hubbard" From: Brett Glass Subject: Re: hacked and don't know why Cc: ben@rosengart.com, Jim Shankland , ahd@kew.com, leec@adam.adonai.net, security@FreeBSD.ORG In-Reply-To: <14690.901124597@time.cdrom.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:23 AM 7/22/98 -0700, Jordan K. Hubbard wrote: >But tou have no idea as to whether or not this was directly due to the >attack or to the hacker's subsequent parading around as root. Well, even someone parading around as root wouldn't have much purpose in changing the ownership of files to User 30005 (no ID) or in changing the group ownership to random gid's. Very obvious and not good for hacking. Also, the ownership changed to strange things when OTHERS touched their files. There was definitely a malfunction on the system level. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message