Re: Possible system breach due to an improper command

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 04/18/03


From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 18 Apr 2003 16:08:28 GMT

djcameron60616@yahoo.com (stg-delfuego) writes:

]Hello,

]I was wondering if someone can tell me what I may have inadvertently
]done, and what I should do to correct the matter.

]I have a unix shell from a local isp, and I was doing some unix stuff,
]and decided to make my file more private. I issued a chmod command on
]dot-files (i.e. .plan, .login, etc). The actual command was chmod 460
].*

As stated in another thread this is a very silly use of chmod. It will
lock you out of your own home directory (no search permission) and will
try to lock the directory one level up as well. (..)

]Well, the next thing I know I am out of my locked shell and in root,
]with more privilege than I thought. This is on BSD.

I have no idea how this would be, unless you thought that was what had
happened when something else had. (What is the evidence that you were
root?)

If you actually became root, that would mean that the system had been
cracked and someone had inserted a rogue chmod.

]I called the ISP and left two messages with the operator to have the
]sysadmin call me back, and sent a mail to root@the-sip.

]I had logging enabled for my session, so I can tell them exactly what
]I did and how the system responded. I am afraid I may have altered system
]binaries.

Well, probably not, but you may well have messed up your own home
directory.
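
The following is an added example, not part of the original post or thread. It shows in a constructed sandbox what mode 460 does to a directory that `.*` picks up as `.`, how the owner repairs it, and a glob that restricts only regular dotfiles. The function names, the sandbox layout and the choice of mode 600 for the files are assumptions.

```sh
#!/bin/sh
# Added illustration; function names and the sandbox layout are constructed.

# Permission string of a path, e.g. "dr--rw----" (parsed from ls for portability).
perms() { ls -ld "$1" | cut -c1-10; }

# Apply mode $2 to regular dotfiles in directory $1 only.
# ".[!.]*" and "..?*" together match every dot-name except "." and "..",
# both of which a bare ".*" also matches in traditional shells.
restrict_dotfiles() {
    for f in "$1"/.[!.]* "$1"/..?*; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            chmod "$2" "$f"
        fi
    done
    return 0
}

# Report whether the owner still has search (x) permission on directory $1.
owner_can_search() {
    case "$(perms "$1")" in
        d??[xs]*) echo yes ;;
        *)        echo no ;;
    esac
}

demo() {
    box=$(mktemp -d) || return 1
    mkdir "$box/home"
    touch "$box/home/.plan" "$box/home/.login" "$box/home/notes"
    # Effect of "chmod 460 .*" on "." once the shell has expanded ".*" to include it:
    chmod 460 "$box/home"
    echo "after 460: $(perms "$box/home") searchable=$(owner_can_search "$box/home")"
    # Repair: the owner can chmod a directory they own even without search on it.
    chmod 700 "$box/home"
    restrict_dotfiles "$box/home" 600   # 600 is an assumed "private" mode
    echo "repaired:  $(perms "$box/home") searchable=$(owner_can_search "$box/home")"
    echo ".plan:     $(perms "$box/home/.plan")"
    rm -rf "$box"
}
demo
```

The `..` entry is only changed by the original command if the user owns the parent directory; otherwise chmod reports an error for it and moves on.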


