Date: Sat, 25 Aug 2001 10:11:02 -0700 (PDT) From: David Kirchner <davidk@accretivetg.com> To: Kristen Doyle <colk@tampabay.rr.com> Cc: Mike <wacky@blinx.net>, Moo Moo Moo <Freebsd-security@FreeBSD.ORG> Subject: Re: Question Message-ID: <20010825095954.I38221-100000@localhost> In-Reply-To: <000b01c12d8a$350d85e0$f0f2a118@tampabay.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm not aware of any exploits for the shutdown command. If shutdown was used, you'll see it in the 'last' output and in /var/log/messages. On all of my FreeBSD systems, shutdown is setuid-root and is also owned by the operator group, so anyone in operator can reboot the box through shutdown. Without more information, I would guess that your server was rebooted through a different exploit, or perhaps it rebooted because it panic'd and you have DDB and DDB_UNATTENDED(IIRC) configured in the kernel. On Sat, 25 Aug 2001, Kristen Doyle wrote: > As i thought I belive someone exploited that to reboot the box ( its a shell server with about 20 users on it so I only want shutdown really working from su or with a password > ----- Original Message ----- > From: Mike > To: Kristen Doyle > Sent: Saturday, August 25, 2001 12:29 PM > Subject: Re: Question > > > No shutdown does not need to be suid but if you do set it -s then I would chmod 700 it. > -Mike > ----- Original Message ----- > From: Kristen Doyle > To: Moo Moo Moo > Sent: Saturday, August 25, 2001 12:25 PM > Subject: Question > > > Does anyone know if shutdown should be setuid to work or if it dosent need it > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010825095954.I38221-100000>