Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.sdsmt.edu!news.mid.net!newsfeeder.gi.net!newsfeed.internetmci.com!news.zeitgeist.net!vnetnews.value.net!not-for-mail
From: patrick@value.net ()
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: BSDI security
Date: 6 Aug 1996 15:28:16 GMT
Organization: Value Net Internetwork Services Inc.
Lines: 28
Message-ID: <4u7oag$8vj@vnetnews.value.net>
References: <Pine.BSI.3.94.960805093815.17110A-100000@picard.chickasaw.com>
NNTP-Posting-Host: value.net
X-Newsreader: TIN [UNIX 1.3 950824BETA PL0]

Shawn McMahon (smcmahon@chickasaw.com) wrote:
: Does anyone know of a way that a person could su himself to root on a
: BSDI system, without having his name in the "wheel" group?

Do you have sudo installed? That would allow a person to do it easily if
a previous break-in had occurred.

There are a hundred other ways if they have previously penetrated your
system. Set-uid programs, trojans, the list goes on and on.

: Whether with or without knowledge of the root password, is there a way?

Yes.

: And, is there a defense?

Yes, however you need to determine the method of penetration and programs
added/altered/affected. If you cannot do that, then you are looking at
reinstalling. Do you have backups to compare against? (although if this
problem has existed for a while they may not be helpful.)

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell                            (510) 943-5769 voice
Systems Administrator                        (510) 210-2000 modem
Value Net, Inc.                              (510) 943-1708 fax
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
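
The check the reply points at (finding programs added or altered by comparing against backups, with set-uid files called out) can be sketched as follows. This is an added example, not part of the original post; `compare_trees` and `demo` are hypothetical names, and the directory trees and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report what differs between a
# live tree and a trusted backup copy of it. All paths here are constructed.

# compare_trees LIVE BACKUP prints one line per finding:
#   ADDED f      file exists only in LIVE
#   ALTERED f    contents differ from the backup copy
#   NEW-SETID f  set-uid/set-gid in LIVE but not in the backup
#   MISSING f    file exists only in BACKUP
compare_trees() {
    live=$1; backup=$2
    (cd "$live" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -f "$backup/$f" ]; then
            echo "ADDED $f"
        elif ! cmp -s "$live/$f" "$backup/$f"; then
            echo "ALTERED $f"
        fi
        # A privileged bit the backup copy lacks (or a new file that has one).
        if [ -u "$live/$f" ] || [ -g "$live/$f" ]; then
            if [ ! -u "$backup/$f" ] && [ ! -g "$backup/$f" ]; then
                echo "NEW-SETID $f"
            fi
        fi
    done
    (cd "$backup" && find . -type f | sort) | while IFS= read -r f; do
        [ -f "$live/$f" ] || echo "MISSING $f"
    done
}

# Constructed sample: a small "backup" tree and a "live" tree that has drifted.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/backup/bin" "$work/live/bin"
    echo 'original su'    > "$work/backup/bin/su"
    echo 'original ls'    > "$work/backup/bin/ls"
    echo 'original login' > "$work/backup/bin/login"  # gone from live
    echo 'original ls'    > "$work/live/bin/ls"       # unchanged
    echo 'replaced su'    > "$work/live/bin/su"       # altered since backup
    echo 'unknown file'   > "$work/live/bin/extra"    # not in the backup
    chmod u+s "$work/live/bin/extra"                  # and set-uid
    compare_trees "$work/live" "$work/backup"
    rm -rf "$work"
}

demo
```

Run a comparison like this with `find`, `cmp` and the shell taken from trusted media, since the binaries on a penetrated host may themselves have been replaced.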