Le jeudi 04 juin 2015 à 00:01 +0200, Michael Scherer a écrit : > Le mercredi 03 juin 2015 à 17:09 -0400, Kaleb Keithley a écrit : > > I just deleted an suid-root /tmp/usr/bin/suexec script from > > download.gluster.org > > We need to investigate a bit more...
And by that, I mean "we shouldn't remove clues". So it turn out that supercolony has the same issue : [root@supercolony tmp]# ls -l usr/sbin/suexec -r-s--x---. 1 root root 13984 Dec 19 16:05 usr/sbin/suexec Looking at the log, I was connected at the same time, but the ip look like the one of the coworking space I work from, so I do think either the log have been tempered with, or this didn't came from ssh. It look furiously similar to a regular suexec, same size of the binary, and dissambly do not so obvious difference ( I am not good enough to spot issue in the 3 lines of asm ). -- Michael Scherer Open Source and Standards, Sysadmin
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gluster-infra mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-infra
