| From | Sent On | Attachments |
|---|---|---|
| Wut!? | Dec 29, 1997 10:44 am | |
| UC Computer / Transbay.Net | Dec 29, 1997 1:39 pm | |
| Jordan K. Hubbard | Dec 29, 1997 8:44 pm | |
| Wut!? | Dec 30, 1997 2:02 am | |
| Mike | Dec 30, 1997 8:44 am | |
| Poul-Henning Kamp | Dec 30, 1997 10:24 am | |
| Mike | Dec 30, 1997 12:45 pm | |
| Blaine Minazzi | Dec 30, 1997 1:37 pm | |
| Eric C. S. Dynamic | Dec 30, 1997 4:19 pm | |
| Michael Slater | Dec 30, 1997 5:12 pm | |

| Subject: | Re: Two sources for system-cracking tools | |
|---|---|---|
| From: | Michael Slater (mik...@atlas.iexpress.net.au) | |
| Date: | Dec 30, 1997 5:12:22 pm | |
| List: | org.freebsd.freebsd-isp | |

That actually happened to me once, but it was a while ago when I was using the buggy version of wu.ftpd. I fixed that particular bug a while ago.
Michael
On Tue, 30 Dec 1997, Eric C. S. Dynamic wrote:
Mike wrote:
On Tue, 30 Dec 1997, Wut!? wrote:
Yeah, Rootshell.com isn't very good with his information, and there is a very simple explanation why .. (He runs linux!)..
[...]- saying "He runs linux" is an explanation for poor logic is like saying [...]
He (rootshell) got the data from somewhere, maybe it's wrong. No point in being bigoted against Linux. When I justify choosing FreeBSD over Linux I just tell people it's real BSD and that it has a reputation for being more robust, that we use it and there's only one kind. And I don't care to learn about another sorta-similar, sorta-different system unless I have to (no time.)
Meanwhile, I reported those two sources for hacker-stuff out as a notice (what land doc said of itself) and a question (does teardrop work if you're not using the firewall.) Someone hacked our system by creating an executable suid-root copy of /bin/sh in /tmp, and this is the second time someone's been able to do that, this time I discovered it about 12 minutes after the file was created, but I'd like to know "how they do that" and I'd like to plug the hole. The user I axed had a dozen-plus hack'em crack'em thingys lying around, for experimentation. Maybe one of them works, but which one? A lot of them try to manipulate the stack at a machine level, apparently.
If the suid-root /bin/sh in /tmp rings a bell, let me know a countermeasure. Thanks.





