Date: Sat, 25 Aug 2001 14:53:46 -0400 From: "Kristen Doyle" <colk@tampabay.rr.com> To: "David Kirchner" <davidk@accretivetg.com> Cc: "Mike" <wacky@blinx.net>, "Moo Moo Moo" <Freebsd-security@FreeBSD.ORG> Subject: Re: Question Message-ID: <001201c12d97$46124a80$f0f2a118@tampabay.rr.com> References: <20010825095954.I38221-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
ahh ok i guess it must have paniced what kinds of things would make it panic? ----- Original Message ----- From: "David Kirchner" <davidk@accretivetg.com> To: "Kristen Doyle" <colk@tampabay.rr.com> Cc: "Mike" <wacky@blinx.net>; "Moo Moo Moo" <Freebsd-security@FreeBSD.ORG> Sent: Saturday, August 25, 2001 1:11 PM Subject: Re: Question > I'm not aware of any exploits for the shutdown command. If shutdown was > used, you'll see it in the 'last' output and in /var/log/messages. > > On all of my FreeBSD systems, shutdown is setuid-root and is also owned by > the operator group, so anyone in operator can reboot the box through > shutdown. > > Without more information, I would guess that your server was rebooted > through a different exploit, or perhaps it rebooted because it panic'd and > you have DDB and DDB_UNATTENDED(IIRC) configured in the kernel. > > On Sat, 25 Aug 2001, Kristen Doyle wrote: > > > As i thought I belive someone exploited that to reboot the box ( its a shell server with about 20 users on it so I only want shutdown really working from su or with a password > > ----- Original Message ----- > > From: Mike > > To: Kristen Doyle > > Sent: Saturday, August 25, 2001 12:29 PM > > Subject: Re: Question > > > > > > No shutdown does not need to be suid but if you do set it -s then I would chmod 700 it. > > -Mike > > ----- Original Message ----- > > From: Kristen Doyle > > To: Moo Moo Moo > > Sent: Saturday, August 25, 2001 12:25 PM > > Subject: Question > > > > > > Does anyone know if shutdown should be setuid to work or if it dosent need it > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001201c12d97$46124a80$f0f2a118>