[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fsck -> local root

To: RSC <rsctm@freemail.hu>
Subject: Re: fsck -> local root
From: "Brian K. West" <obsd@pridemania.com>
Date: Wed, 3 Jul 2002 12:43:24 -0500 (CDT)
Cc: tech@openbsd.org

Your shells should *NOT* have suid set.  something had to do it.  Your box
is owned dude.

chmod 755 /bin/sh

Think about it.  Your /bin/sh has suid.. which means when it runs it drops
a root prompt... thats bad mmmmkay.  *SMACK*

bkw

On Wed, 3 Jul 2002, RSC wrote:

> Hello,
>
> Some days ago there was a powerbreak, some files was damaged on my
> box. The most interest thing, that 'whoami' showed 'root' for each
> users. I had no idea, cause /usr/bin/id -un told the correct username.
> The answer is the following:
> /bin/sh had suid flag, but /usr/local/bin/bash the default shell not.
> So if any of the users started a standard sh shell, he got a root
> shell.
> My box wasn't hacked, it is sure.
> Then my question is: is it possible that fsck set the suid flag after
> the reboot?
>
> Thanks in advance...
>
> --
> Best regards,
>  RSC                            mailto:rsctm@freemail.hu

References:
- fsck -> local root
  - From: RSC <rsctm@freemail.hu>

Prev by Date: fsck -> local root
Next by Date: Re: Alpha Boot Failure
Prev by thread: fsck -> local root
Next by thread: Re: Alpha Boot Failure
Index(es):
- Date
- Thread