Unruh <unruh-spam@physics.ubc.ca> writes:
> It is however also crucial that you scan the stuff you reinstall as well.
> When I was broken into I found files scattered all over the file system--
> /tmp, /dev/, /home, ....
> which were suid shells-- i.e. anyone knowing about them, if they had any entry
> at all onto the machine, could simply run that program and be root.
>
> I.e., scan all of the files you restore for suid
> find / -perm +6000 -ls
> check each one to see if it should be suid. su is fine. /tmp/banana
> is not.
This is a good anecdote as to why reformatting is a good first step before
the reinstall.
--
Todd H.
http://www.toddh.net/
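
Added example, not part of either post: the suid scan from the quoted message, run against a restored tree and compared with an allowlist of files that are expected to be suid (su is, /tmp/banana is not). The function names, the allowlist file format and the usage paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the allowlist
# format (one absolute path per line, as seen inside the restored tree)
# are assumptions made for illustration.

# find_suid ROOT
# Print every regular file under ROOT that has the setuid or setgid bit.
# "-perm -4000 -o -perm -2000" is the POSIX spelling of "either bit set";
# GNU find writes it "-perm /6000" and no longer accepts "-perm +6000".
find_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# unexpected_suid ROOT ALLOWLIST
# Print the hits whose path (with the ROOT prefix removed) is not listed
# in ALLOWLIST. Paths containing newlines are not handled.
unexpected_suid() {
    root=${1%/}                      # "/mnt/restore/" -> "/mnt/restore", "/" -> ""
    find_suid "${root:-/}" | while IFS= read -r path; do
        rel=${path#"$root"}          # path as it will appear after the restore
        grep -Fxq -- "$rel" "$2" || printf '%s\n' "$path"
    done
}

# Usage: sh suidcheck.sh /mnt/restore /root/suid.allow
if [ "$#" -ge 2 ]; then
    unexpected_suid "$1" "$2"
fi
```

Anything it prints is a suid or sgid file nobody listed as expected, so each line needs a manual look before the restored data goes back into service.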