Re: Derek's been hacked

[Karl J. Runge]

On Sat, 22 Apr 2000, Tom Rauschenbach <[EMAIL PROTECTED]> wrote:
> 
> 
> 
> Um, I just decided to check and I noticed that my /bin/sh is suid.  
> -rwsr-xr-x   1 root     root        20164 Apr 17  1999 /bin/login  
> 
> Should I be freaking out ?

For /bin/sh? Yes. For /bin/login? No. 

/bin/login needs to be able to change to the userid who is logging in
(e.g. via something like setuid(2)). In some cases /bin/login is run
by an unprivileged process.


Karl Runge


**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************