Delivered-To: freebsd-security@freebsd.org
From: "Kristen Doyle"
To: "David Kirchner"
Cc: "Mike", "Moo Moo Moo"
Subject: Re: Question
Date: Sat, 25 Aug 2001 14:53:46 -0400

Ahh ok, I guess it must have panicked. What kinds of things would make it panic?

----- Original Message -----
From: "David Kirchner"
To: "Kristen Doyle"
Cc: "Mike" ; "Moo Moo Moo"
Sent: Saturday, August 25, 2001 1:11 PM
Subject: Re: Question

> I'm not aware of any exploits for the shutdown command. If shutdown was
> used, you'll see it in the 'last' output and in /var/log/messages.
>
> On all of my FreeBSD systems, shutdown is setuid-root and is also owned by
> the operator group, so anyone in operator can reboot the box through
> shutdown.
>
> Without more information, I would guess that your server was rebooted
> through a different exploit, or perhaps it rebooted because it panic'd and
> you have DDB and DDB_UNATTENDED(IIRC) configured in the kernel.
>
> On Sat, 25 Aug 2001, Kristen Doyle wrote:
>
> > As I thought, I believe someone exploited that to reboot the box (it's a shell server with about 20 users on it, so I only want shutdown really working from su or with a password)
> >   ----- Original Message -----
> >   From: Mike
> >   To: Kristen Doyle
> >   Sent: Saturday, August 25, 2001 12:29 PM
> >   Subject: Re: Question
> >
> >
> >   No, shutdown does not need to be suid, but if you do set it -s then I would chmod 700 it.
> >   -Mike
> >     ----- Original Message -----
> >     From: Kristen Doyle
> >     To: Moo Moo Moo
> >     Sent: Saturday, August 25, 2001 12:25 PM
> >     Subject: Question
> >
> >
> >     Does anyone know if shutdown should be setuid to work or if it doesn't need it
> >
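
A way to read `ls -l` output for the permission layouts discussed in this thread, as an added example that is not part of the original messages. The function names and the sample mode strings are constructed, and the check assumes shutdown only acts when it runs with root privilege.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values are constructed.

# who_can_reboot MODESTR OWNER GROUP
# MODESTR is the first column of `ls -l`, e.g. -r-sr-x---.
# Prints who can reboot through the binary: everyone, group:<name> or root-only.
# Assumption: without setuid-root the program refuses to act for non-root users.
who_can_reboot() {
    modestr=$1 owner=$2 group=$3
    u_x=$(printf '%s' "$modestr" | cut -c4)    # owner execute / setuid slot
    g_x=$(printf '%s' "$modestr" | cut -c7)    # group execute / setgid slot
    o_x=$(printf '%s' "$modestr" | cut -c10)   # other execute / sticky slot

    # 's' or 'S' in the owner slot means the setuid bit is set; it only
    # grants root when the file is owned by root.
    case $u_x in
        s|S) [ "$owner" = root ] || { echo root-only; return; } ;;
        *)   echo root-only; return ;;
    esac
    # Setuid-root: whoever may execute the file can reboot the box.
    case $o_x in x|t) echo everyone; return ;; esac
    case $g_x in x|s) echo "group:$group"; return ;; esac
    echo root-only
}

# audit_file PATH: run the same check on a real file, e.g. /sbin/shutdown.
audit_file() {
    line=$(ls -ld "$1") || return 1
    set -- $line                # fields: mode, links, owner, group, ...
    who_can_reboot "$1" "$3" "$4"
}

# Constructed samples: setuid-root with group operator, a chmod 700 binary,
# and a world-executable setuid-root binary.
who_can_reboot -r-sr-x--- root operator
who_can_reboot -rwx------ root wheel
who_can_reboot -r-sr-xr-x root wheel
```
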