Strange command histories in hacked shell history
Ganbold
ganbold at micom.mng.net
Sun Dec 19 01:51:23 PST 2004
At 09:35 AM 12/19/2004, you wrote:
> > You could change the permissions on the su binary, so that only users
> > in the wheel group can even execute su. That way, when a non-wheel user
> > attempts to su to a user in the wheel group, they simply get permission
> > denied.
>
>This is a really good idea. I decided to try it as root and chmod gave me
>chmod: su: Operation Not Permitted! The nerve! I'll have to have a look
>at that more carefully later :)
Yes, I like this idea too. I'll try it for sure.
>As a side note, I think Bill's point about 2 passwords to break is pretty
>strong in my point of view. Just for simplicity's sake (in both security
>and in design), "the su stack" really shouldn't be any larger than 1. No
>su'ing twice, or N number of times.
That could be a useful option too.
>Hmm, I wonder if there is an option
>for setting that. I suppose someone might have a purpose to, but if they
>really need to be doing that, I think they have a problem in their own
>designs.
Anyway, thanks to all who read my annoying email and responded :)
I still don't know how the hacker got into the system, but
I'll try my best and I hope I will find more in the hacked PC in the next couple of
days.
thanks a lot,
Ganbold