From owner-freebsd-security Mon Dec 9 23:09:04 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id XAA22071 for security-outgoing; Mon, 9 Dec 1996 23:09:04 -0800 (PST) Received: from eternal.dusk.net (root@eternal.dusk.net [207.219.16.2]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id XAA22058 for ; Mon, 9 Dec 1996 23:09:02 -0800 (PST) Received: (from vlad@localhost) by eternal.dusk.net (8.8.4/8.8.4) id DAA04542; Tue, 10 Dec 1996 03:07:51 -0400 (AST) From: Christian Hochhold Message-Id: <199612100707.DAA04542@eternal.dusk.net> Subject: Re: URGENT... question regarding posted answer To: karl@Mcs.Net (Karl Denninger) Date: Tue, 10 Dec 1996 03:07:51 -0400 (AST) Cc: freebsd-security@freebsd.org In-Reply-To: <199612100602.AAA05680@Jupiter.Mcs.Net> from Karl Denninger at "Dec 10, 96 00:02:21 am" X-URL: http://www.dusk.net & http://www.vampires.net X-Moto: Live for today and let the future take care of itself X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello.. If you don't run programs such as... ident, ftp, telnet to mention but a few as root, whom would you run them as? Thanks, Christian > What is in /etc/inetd.conf that runs things as root? Anything listed > as root in there may as well be SUID root; add them to the list > of suspects.