setuid and setgid security issues -is system compromized?
Felix Jodoin
felixj at shaw.ca
Sun Jan 30 18:43:10 MST 2005
I wouldn't be able to guess if it's been compromised, but run regular "whois"'s (logged in users) and "top"'s (running processes).
----- Original Message -----
From: Andrew <virgule88 at videotron.ca>
Date: Sunday, January 30, 2005 7:18 pm
Subject: setuid and setgid security issues -is system compromized?
> Hey are we allowed to talk about possible security issues in here?
> Im just dont know where to look. I tough about going on
> linuxquestions.org or something but since Im running YDL I feel
> like its YDL related. Other peoples could be concerned too.
>
> I'v been reading cert.org site and found quite a few setuids files
> using this command, as suggested on the site.
> find / -user root -perm -4000 -print
>
> I have the full results both on disk and paper. Many of them
> contain 'passwd', 'login' and 'share' in the name. Im not paranoid
> but I actually fell intrigued. I also noticed several weird .hidden
> files in /tmp directory most of them starting with ssh-. I promptly
> deleted them all and they're comming back! :-?
>
> thoughs?!?
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general at lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try '<keywords>
> site:terrasoftsolutions.com'
More information about the yellowdog-general
mailing list