[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenBSD box compromised. (WAS:Re: Help: I can´t_do_su_(su: invalid script: /usr/libexec/auth/login_krb4-or-pwd))
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OpenBSD box compromised. (WAS:Re: Help: I can´t_do_su_(su: invalid script: /usr/libexec/auth/login_krb4-or-pwd))
- From: "Alex Holst" <a_(_at_)_mongers_(_dot_)_org>
- Date: Thu, 15 Aug 2002 16:36:21 +0200
- Mail-followup-to: Alex Holst <a_(_at_)_mongers_(_dot_)_org>, misc_(_at_)_openbsd_(_dot_)_org
Quoting Carlos Lopez (clopmz_(_at_)_yahoo_(_dot_)_com):
> I have verified that 002_sudo patch is applied....
> If I recompile this patch, the problem will be
> temporally solved ???
No, go read the CERT/CC document, god damn it. You'll need to backup
your data and reinstall your machine.
Depending on my mood I find it depressing or funny how idiots like you
have been sheltered all these years due to OpenBSD's stance on security,
and with just one remote vulnerability in the default install, you're
completely fucked. You have no idea what you're doing. Technology won't
save your ass; you actually need to think about how you're using it.
There. I feel better.
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow. http://a.mongers.org