From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice
Date: Mon, 9 Aug 2010 20:09:29 +0100
Message-Id: <201008092009.38665.michaelkintzios@gmail.com>

On Monday 09 August 2010 17:25:56 Paul Hartman wrote:

> My user account has sudo-without-password rights to any command.

Ouch!

There have been discussions on this list why sudo is a bad idea and sudo on
*any* command is an even worse idea. You might as well be running everything
as root, right?

You have decided wisely to reinstall because you can't be sure of this OS
anymore.

Please keep us updated on what you find from the forensic analysis.

-- 
Regards,
Mick