Strange command histories in hacked shell server

Richard Kojedzinszky krichy at tvnetwork.hu
Fri Dec 17 08:08:36 PST 2004


Dear all,

If you do su, uid and euid change together. But when you issue passwd, a
setuid root, uid remains your uid; that is where passwd knows who is
executing it.

Kojedzinszky Richard
TvNetWork Rt.
E-mail: krichy at tvnetwork.hu
PGP: 0x24E79141
  Fingerprint = 6847 ECFF EF58 0C09 18A5  16CF 270F 0C6F 24E7 9141

On Fri, 17 Dec 2004, Jerry Bell wrote:

> Did I understand correctly, that anyone can connect to the shell server
> and create an account for themselves?
>
> I have a somewhat rudimentary hardening guide for FreeBSD at
> http://www.syslog.org/Content-5-4.phtml
> I've tried to keep it up-to-date, but I have yet to incorporate MAC, which
> I think will help out a good bit more.
>
> I hope you find this useful.
>
> Jerry
> http://www.syslog.org
>
> Ganbold <ganbold <at> micom.mng.net> wrote:
> >Please give me some advice and info regarding this kind of hack.
> >What should I do in order to secure my shell server? I mean except
> >securelevel, unneeded services etc.
> >Can somebody give me some hints on file and directory permissions?
> >Is there anybody who has similar server config and already had such issues
> >and problems?

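The real versus effective uid distinction described in the message above, as an added example that is not part of the original thread: a setuid program identifies its invoker with getuid() and can give up the elevated effective uid once it no longer needs it. The helper names `classify_ids` and `drop_to_invoker` are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* How the two IDs of a process relate (names are illustrative). */
enum id_state { IDS_EQUAL, IDS_SETUID };

/* su-style: both IDs were switched together, so they match.
 * setuid-binary style (passwd): the real uid is still the invoker,
 * only the effective uid belongs to the file owner. */
enum id_state classify_ids(uid_t ruid, uid_t euid)
{
    return ruid == euid ? IDS_EQUAL : IDS_SETUID;
}

/* Permanently give up an elevated effective uid and confirm it is gone.
 * Returns 0 on success, -1 if the drop failed or could be undone
 * (for example when a saved set-user-ID still allows switching back). */
int drop_to_invoker(void)
{
    uid_t ruid = getuid();       /* who started the program */
    uid_t old_euid = geteuid();  /* whose privileges it runs with */

    if (setuid(ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    /* If we were elevated, regaining the old euid must now fail. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    uid_t r = getuid(), e = geteuid();

    printf("real uid=%ld effective uid=%ld -> %s\n", (long)r, (long)e,
           classify_ids(r, e) == IDS_SETUID ? "setuid-style"
                                            : "su-style or unprivileged");
    if (drop_to_invoker() != 0) {
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    printf("after drop: real uid=%ld effective uid=%ld\n",
           (long)getuid(), (long)geteuid());
    return 0;
}
```
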
