From: Christopher Cowart
To: Adam J Richardson
Cc: Mayank Jain, freebsd-questions@freebsd.org
Date: Tue, 23 Oct 2007 14:47:09 -0700
Subject: Re: su: not running setuid

On Tue, Oct 23, 2007 at 09:09:04PM +0100, Adam J Richardson wrote:
> Christopher Cowart wrote:
>> Unless you can find some local privilege escalation exploit, I'm
>> thinking you're stuck.
>> You can probably fix it in single-user mode:
>> * Reboot
>> * Pick single user mode from the boot menu
>> * Accept the default shell
>> $ fsck -p
>> $ mount -u /
>> $ mount -a -t ufs
>> $ chown root /usr/bin/su
>> But if the command above ran to completion, you probably have a mess of
>> permissions on your filesystem. You may want to look into rebuilding /
>> reinstalling world while you're in single.
>
> What about going to single user mode and editing /etc/passwd so the "root"
> line has the username "uname"? Or add user "uname" with UID 0?

The chown command would have looked up "uname" via libnss and used the
numeric UID to alter the filesystem entries. The most you could do here
is change the symbolic name for the "uname" user and make the ls -l
output look different.

Either way, you're stuck with the files on the filesystem not being
owned by UID 0. I would highly recommend not mucking with /etc/passwd
and letting rebuild world fix things.

--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
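Added example, not part of the original message: a Python sketch of the point made in the reply above, that ownership is stored on the file as a numeric UID and /etc/passwd only supplies the name shown for it. The UID 1001, the passwd lines, the "admin" name and the file records are constructed sample data, and the function names are hypothetical.

```python
import os
import stat

def parse_passwd(text):
    """Map numeric UID -> first login name found in passwd(5)-format text."""
    names = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            names.setdefault(int(fields[2]), fields[0])
    return names

def scan(root):
    """Yield (path, st_mode, st_uid) for regular files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                yield path, st.st_mode, st.st_uid

def audit_setuid(records, names, expected_uid=0):
    """Return (path, uid, label) for set-uid files not owned by expected_uid.

    Only the numeric st_uid decides; `names` is used for the label, the way
    ls -l resolves a name for display.
    """
    return [(path, uid, names.get(uid, str(uid)))
            for path, mode, uid in records
            if mode & stat.S_ISUID and uid != expected_uid]

# Constructed sample: su owned by the "uname" user; 1001 is an assumed UID.
RECORDS = [("/usr/bin/su", 0o104555, 1001), ("/bin/ls", 0o100555, 1001)]
ORIGINAL = "root:*:0:0::/root:/bin/csh\nuname:*:1001:1001::/home/uname:/bin/sh\n"
# The edit suggested in the thread: the UID 0 line is given the name "uname".
ROOT_RENAMED = "uname:*:0:0::/root:/bin/csh\nuname:*:1001:1001::/home/uname:/bin/sh\n"
# Renaming UID 1001 instead only changes the label that would be displayed.
OWNER_RENAMED = "root:*:0:0::/root:/bin/csh\nadmin:*:1001:1001::/home/uname:/bin/sh\n"

def run_demo():
    """Audit the same file records against each passwd variant."""
    return {label: audit_setuid(RECORDS, parse_passwd(text))
            for label, text in (("original", ORIGINAL),
                                ("root_renamed", ROOT_RENAMED),
                                ("owner_renamed", OWNER_RENAMED))}

if __name__ == "__main__":
    for label, findings in run_demo().items():
        print(label, findings)
```

On a live system, `audit_setuid(scan("/usr/bin"), parse_passwd(open("/etc/passwd").read()))` lists the set-uid files that still need their ownership restored.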