[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[4]: [cobalt-security] amd root?

Subject: Re[4]: [cobalt-security] amd root?
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: Fri, 8 Feb 2002 09:59:52 +0300 (MSK)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Thu, 7 Feb 2002 22:13:29 +0100 Michael Stauber <cobalt@xxxxxxxxxxxxxx> wrote:

> > If you are using vi(m), save with ":w!" command, with exclamation mark.
> > Vi tries to be "friendly" and stops you if it *thinks* that you cannot
> > write to the file rather than when attempt to write in fact fails.
> 
> I used vi, pico and midnight commander. I even tried to copy, move and
> to 
> echo into the file. To no avail. User "root" didn't have the permission
> to 
> modify /etc/shadow on that system. 
> 
> Comparance of /proc/ksyms with a reference system did suggest that a 
> malicious kernel module had been inserted, responsible for that hickup. 

Either that or someone has set "immutable" attribute to the file with
chattr(1).

Eugene

References:
- [cobalt-security] amd root?
  - From: Jeff Lasman
- Re: [cobalt-security] amd root?
  - From: Michael Stauber
- Re[2]: [cobalt-security] amd root?
  - From: Eugene Crosser
- Re: Re[2]: [cobalt-security] amd root?
  - From: Michael Stauber

Prev by Date: RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Next by Date: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Previous by thread: Re: Re[2]: [cobalt-security] amd root?
Next by thread: Re: [cobalt-security] amd root?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index