-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > What does "file /var/qmail/bin/qmail-queue" say? What happens if you run
> > qmail-queue as a normal user with no parameters or input? (Be careful,
> > you might have a hard time killing it off.)
>
> Boy, you were right on that one ;-) Ok, when I ran qq as root, it said
> nothing.
> I guess it just started running until I telneted in on another session
> and killed
> it. If I ran it as admin (default login) it told me:
>
> bash: ./qmail-queue: Operation not permitted
> -rws--x--x 1 qmailq qmail 22136 Jul 20 15:00 qmail-queue
> It is the *only* file in the /var/qmail/bin directory that has those
> owners/permissions. The other are all root/qmail and either 755, 711 or
> 700 To me that seems kind of strange. I would think that they should be
> owned by one of the qmail users or the qmail group.
What system (with what patches) are you running? I would think
that it doesn't allow SUID binaries in world writable directories.
BTW, paranoid as I am, I would consider everything inside
/var/qmail/bin compromised, delete it and reinstall. Only if you're
sure that noone has logged onto your computer...
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBN6V2XVMwP8g7qbw/EQIGWwCfehNj0G25o9097AsnrEiZVoix3B4An3DG
YFCiXGbUzxbCGXwgxFtFrTsy
=laEV
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
