Find sticky bits?

Declan. Moriarty declan.moriarty at ntlworld.ie
Wed Oct 8 09:43:30 PDT 2003


On Wed, Oct 08, 2003 at 08:52:57AM -0500, Archaic enlightened us thusly
> On Wed, Oct 08, 2003 at 09:56:03AM +0100, Declan. Moriarty wrote:
> > 
> > I tracked down this much. Both versions of gcc(2.95 &3.3.1) and c++
> > were suid root; the .o files were root owned, but the executables
> > were not.  The time did come when some user process wanted to write
> > to a root owned file, and a permissions error would scroll up but
> > the build _did_not_ stop. Can you imagine the fun I had with chapter
> > 5 of the book??
> 
> At this point, I would unplug the phone and/or cat 5 cable that is
> going into the computer and do some serious checking of logs,
> timestamps, the /tmp and /var/tmp dirs for anything suspicious. Look
> at ls, ps, etc. to see if they have the correct timestamps,
> permissions, and owner/group.

NaS.

Cat 5 - I wish! A check of /tmp and /var/tmp showed that gcc had got out
of hand under the control of user lfs - probably a make test. ls and ps
date from April 2002 and are root owned, with 751 permissions. I really
can't worry what's in the logs - I'm sorry.

Archaic, this is a Slightly Serious outfit, and nothing of a serious
nature is done on this machine, except some accounts. I have not been
hacked. I am not a sitting duck online. The only server daemons running
here are Bernstein's Paranoid stuff. No telnet; No ftpd; No Network;
Nothing done as root; Qmail, for heaven's sake; Nobody else at the
keyboard.

And if it blows up, I won't be particularly upset. The proof of this is
that recently it _did_. My teenager nicked the cdwriter, returned it and
managed to blow away the Southbridge. When a tomsrtbt floppy gives you
ide errors on booting, something is seriously wrong. I think it was
something to do with turning on, then plugging the cdwriter in.

So I have a fast box now (Athlon 2600, 333Mhz FSB, 4x agp). I see a
little less of the hourglass :-).

--

	With best Regards,


	Declan Moriarty.



More information about the blfs-support mailing list