Subject: Re[2]: setuid files
To: None <netbsd-help@netbsd.org>
From: CEBKA <CEBKA@smtp.ru>
List: netbsd-help
Date: 04/26/2003 00:36:30
Hello, Jeremy.
You wrote at 25.04.2003, :
JCR> On Fri, 25 Apr 2003, Daniel Eggert wrote:
>> Then onto the more interesting question: How could this happen? Someone
>> must have gained root privileges, or am I mistaken?
>>
>> Should I conclude, that something / someone comprimised my security?
JCR> I just assumed that someone updated your system from 1.6 to 1.6.1
Someone??? lol I think, that each setuid file(especcially scripts)
should è checked carefully, use some tools, like tripwire and check
for @updates@. So I think, that you need to update your system
completely from good source(CD-ROM). Because many exploits are made
through SUID programmes.
JCR> These various commands that are setuid (or setgid) appear to be normal.
JCR> But if you don't know of any update, then I don't know.
JCR> Jeremy C. Reed
JCR> http://bsd.reedmedia.net/
--
Best regards,
CEBKA mailto:CEBKA@smtp.ru