4203:31337 (possible exploit?)

Mike -freebsd mike.freebsd at gmail.com
Sat Nov 10 08:59:35 PST 2007


On Nov 10, 2007 5:28 PM, Kris Kennaway <kris at freebsd.org> wrote:

> > Sounds like you may have a security problem (re: "31337" GID).  If
> > that's the case, I would strongly advocate formatting + reinstalling
> > those machines.
>
> I asked because that is the uid/gid used on pointyhat ;)
>
> Kris
>
>
Well, I've dug up all available backups and what I can tell is that
those uid/gid propagated with the rest of the ports tree from a main
box used here for builds, installations and updates to the whole
network. Stupid me had weekly noid reports disabled on all of them,
except the last one added recently that finally caught it. The problem
was there present for at least three, possibly four months...

BUT I'm 95% sure that the main ports three was never downloaded via
anything else than c[v]sup + supfile with default host set to eiter
ftp.freebsd.org, or one of the official mirrors, for a past few years.
I wish I could tell you more, but I see nothing even remotely
connected to pointyhat, as there is no point of using any other than
official ports repo for productional machines. OTOH, you wont believe
how glad I was to hear that those are pointyhat IDs.. The "31337"
scared the shit ot of me :(


More information about the freebsd-ports mailing list