From owner-freebsd-security Wed Jul 22 11:01:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA19380 for freebsd-security-outgoing; Wed, 22 Jul 1998 11:01:26 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19373 for ; Wed, 22 Jul 1998 11:01:24 -0700 (PDT) (envelope-from jkh@time.cdrom.com) Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.8/8.8.8) with ESMTP id KAA15003; Wed, 22 Jul 1998 10:59:49 -0700 (PDT) (envelope-from jkh@time.cdrom.com) To: Brett Glass cc: ben@rosengart.com, Jim Shankland , ahd@kew.com, leec@adam.adonai.net, security@FreeBSD.ORG Subject: Re: hacked and don't know why In-reply-to: Your message of "Wed, 22 Jul 1998 10:35:51 MDT." <199807221635.KAA06020@lariat.lariat.org> Date: Wed, 22 Jul 1998 10:59:49 -0700 Message-ID: <14999.901130389@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Well, even someone parading around as root wouldn't have much purpose > in changing the ownership of files to User 30005 (no ID) or in changing > the group ownership to random gid's. Very obvious and not good for hacking. You're assuming that the hackers knew what they were doing or that they didn't attempt to run other exploit scripts which malfunctioned. > files. There was definitely a malfunction on the system level. I still see no proof of that. This is poor science without any actual evidence to back it up and you're merely engaging in speculation here. To say something is "definitely" a certain way without clear proof of it does not enhance one's credibility. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message