Strange command histories in hacked shell history

Ganbold ganbold at micom.mng.net
Sun Dec 19 01:51:23 PST 2004


At 09:35 AM 12/19/2004, you wrote:
> > You could change the permissions on the su binary, so that only users
> > in the wheel group can even execute su. That way, when a non-wheel user
> > attempts to su to a user in the wheel group, they simply get permission
> > denied.
>
>This is a really good idea.  I decided to try it as root and chmod gave me
>chmod: su: Operation Not Permitted!  The nerve!  I'll have to have a look
>at that more carefully later :)

Yes, I like this idea too. I'll try it for sure.

>As a side note, I think Bill's point about 2 passwords to break is pretty
>strong in my point of view.  Just for simplicity's sake (in both security
>and in design), "the su stack" really shouldn't be any larger than 1.  No
>su'ing twice, or N number of times.

That could be a useful option too.

>Hmm, I wonder if there is an option
>for setting that.  I suppose someone might have a purpose to, but if they
>really need to be doing that, I think they have a problem in their own
>designs.

Anyway, thanks to all who read my annoying email and responded :)
I still don't know how the hacker got into the system, but
I'll try my best and I hope I will find more on the hacked PC in the next
couple of days.

thanks a lot,

Ganbold
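
The restriction suggested in the quoted text (only the wheel group may execute su) can be verified after the change with a small audit function. This is an added example, not part of the original message; the function name `su_restricted_to_group` and its output format are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit whether a su binary is executable by one group only.
# Usage: su_restricted_to_group /usr/bin/su wheel
# Prints one finding per line; returns 0 only when every check passes.
su_restricted_to_group() {
    file=$1
    want=$2
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }
    # ls -ld is used to read mode and group because stat(1) options
    # differ between FreeBSD and GNU systems.
    mode=$(ls -ld "$file" | awk '{print $1}')
    gname=$(ls -ld "$file" | awk '{print $4}')
    gid=$(ls -ldn "$file" | awk '{print $4}')
    rc=0
    # Group: accept either the group name or the numeric id.
    if [ "$gname" != "$want" ] && [ "$gid" != "$want" ]; then
        echo "FAIL group is $gname($gid), expected $want"; rc=1
    fi
    # Character 7 is group-execute: x or s means the group may run it.
    case $(printf '%s' "$mode" | cut -c7) in
        x|s) ;;
        *) echo "FAIL group $want cannot execute (mode $mode)"; rc=1 ;;
    esac
    # Character 10 is other-execute: x or t means any user may run it.
    case $(printf '%s' "$mode" | cut -c10) in
        x|t) echo "FAIL others can execute (mode $mode)"; rc=1 ;;
    esac
    # Character 4 is s when the file is setuid and owner-executable;
    # su cannot switch users without it, so report (but do not fail).
    case $(printf '%s' "$mode" | cut -c4) in
        s) ;;
        *) echo "WARN not setuid (mode $mode)" ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK $file mode $mode group $gname"
    return "$rc"
}
```

On FreeBSD, `ls -lo` additionally shows file flags; a file carrying the system-immutable flag (`schg`) rejects chmod with "Operation not permitted" even for root until the flag is cleared with chflags.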




