Hello list Thanks to all who replied. I also suspected some foul play but now I am not so sure. I now suspect a know it all operator working for my client. The actual fault was found to be the mode changed on /bin/su. For some reason the mode was rwxr-xr-x instead of what it should be rwsr-xr-x. Again I am yet to find a reason for the change but a simple chmod fixed the problem.
Regards Richard ----- Original Message ----- From: "Matthew Hannigan" <[EMAIL PROTECTED]> To: "Richard Neal" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, September 04, 2002 12:13 AM Subject: Re: [SLUG] SU Problems > > My thought too. Things tend not to behave differently > for no reason. Especially things like su. > Perhaps your pam modules or config has been trojaned. > > > Richard Neal wrote: > > You might want to check that su hasn't been replaced with a rootkit su. > > > > On Tue, 2002-09-03 at 17:47, Richard Luckhurst wrote: > > > >>Hi list > >> > >>I am using Redhat 7.2 for a client and today noticed a problem I've > >>not seen before. I went to become root as I always have, with su, > >>and instead of being asked for the root password and becoming root > [ .. ] > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
