[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: fsck -> local root
Your shells should *NOT* have suid set. something had to do it. Your box
is owned dude.
chmod 755 /bin/sh
Think about it. Your /bin/sh has suid.. which means when it runs it drops
a root prompt... thats bad mmmmkay. *SMACK*
On Wed, 3 Jul 2002, RSC wrote:
> Some days ago there was a powerbreak, some files was damaged on my
> box. The most interest thing, that 'whoami' showed 'root' for each
> users. I had no idea, cause /usr/bin/id -un told the correct username.
> The answer is the following:
> /bin/sh had suid flag, but /usr/local/bin/bash the default shell not.
> So if any of the users started a standard sh shell, he got a root
> My box wasn't hacked, it is sure.
> Then my question is: is it possible that fsck set the suid flag after
> the reboot?
> Thanks in advance...
> Best regards,
> RSC mailto:firstname.lastname@example.org