setuid and setgid security issues -is system compromized?

[Cian Duffy]

That would be the command "w" and not "whois", as whois is used for
checking the owner of internet hosts....


On Sun, 30 Jan 2005 19:43:10 -0600, Felix Jodoin <felixj at shaw.ca> wrote:
> I wouldn't be able to guess if it's been compromised, but run regular "whois"'s (logged in users) and "top"'s (running processes).
> 
> ----- Original Message -----
> From: Andrew <virgule88 at videotron.ca>
> Date: Sunday, January 30, 2005 7:18 pm
> Subject: setuid and setgid security issues -is system compromized?
> 
> > Hey are we allowed to talk about possible security issues in here?
> > Im just dont know where to look. I tough about going on
> > linuxquestions.org or something but since Im running YDL I feel
> > like its YDL related. Other peoples could be concerned too.
> >
> > I'v been reading cert.org site and found quite a few setuids files
> > using this command, as suggested on the site.
> >        find / -user root -perm -4000 -print
> >
> >  I have the full results both on disk and paper. Many of them
> > contain 'passwd', 'login' and 'share' in the name. Im not paranoid
> > but I actually fell intrigued. I also noticed several weird .hidden
> > files in /tmp directory most of them starting with ssh-. I promptly
> > deleted them all and they're comming back! :-?
> >
> > thoughs?!?
> > _______________________________________________
> > yellowdog-general mailing list
> > yellowdog-general at lists.terrasoftsolutions.com
> > http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> > HINT: to Google archives, try  '<keywords>
> > site:terrasoftsolutions.com'
> 
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general at lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'
> 


-- 
---------------------------
"We're busy running out of time"
Bernard Sumner, 1993