[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[4]: [cobalt-security] amd root?
- Subject: Re[4]: [cobalt-security] amd root?
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: Fri, 8 Feb 2002 09:59:52 +0300 (MSK)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thu, 7 Feb 2002 22:13:29 +0100 Michael Stauber <cobalt@xxxxxxxxxxxxxx> wrote:
> > If you are using vi(m), save with ":w!" command, with exclamation mark.
> > Vi tries to be "friendly" and stops you if it *thinks* that you cannot
> > write to the file rather than when attempt to write in fact fails.
>
> I used vi, pico and midnight commander. I even tried to copy, move and
> to
> echo into the file. To no avail. User "root" didn't have the permission
> to
> modify /etc/shadow on that system.
>
> Comparance of /proc/ksyms with a reference system did suggest that a
> malicious kernel module had been inserted, responsible for that hickup.
Either that or someone has set "immutable" attribute to the file with
chattr(1).
Eugene