To: gentoo-user@lists.gentoo.org
From: James
Subject: [gentoo-user] Re: hardened: setuid
Date: Thu, 13 Jul 2006 01:03:36 +0000 (UTC)
References: <44B55577.5020906@gentoo.org>

Donnie Berkholz gentoo.org> writes:

> > /usr/athena/bin/su
> > /usr/athena/bin/otp
> > /usr/athena/bin/rcp
> > /usr/athena/bin/rsh
> > /usr/athena/bin/rlogin
> > upon greater inspection this is most troubling:
> > -rws--x--x 1 root root 108416 May 4 19:52 /usr/athena/bin/su
> > -rws--x--x 1 root root 105640 May 4 19:52 /usr/athena/bin/otp
> > -rws--x--x 1 root root 95840 May 4 19:52 /usr/athena/bin/rlogin
> > Are these part of a normal gentoo system running hardened, or is it
> > time to re-install this machine?

> Have you tried checking which (if any) packages own these files? Have
> you built anything yourself outside of portage that could have installed
> them?

Well I used --tree and it revealed nothing. No this system does not have any cvs or portage overlay packages....

James

--
gentoo-user@gentoo.org mailing list
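
The package-ownership check asked about in the quoted reply, as an added example that is not part of the original message: it lists setuid files and looks each one up in Portage's installed-package database. The function names `vdb_lookup` and `audit_setuid` are hypothetical, and it assumes the database is at /var/db/pkg with `obj <path> <md5> <mtime>` records and that `md5sum` is installed.

```shell
#!/bin/sh
# Added example. Assumes Portage's installed-package database (VDB) lives in
# /var/db/pkg and that each CONTENTS file records regular files as:
#   obj <path> <md5> <mtime>

# vdb_lookup PATH [VDB]: print "<category>/<package-version> <md5>" for the
# package that recorded PATH; return 1 if no installed package did.
vdb_lookup() {
    LOOKUP="$1" awk '
        $1 == "obj" {
            path = $0
            sub(/^obj /, "", path)
            sub(/ [0-9a-f]+ [0-9]+$/, "", path)  # drop md5 + mtime, keep spaces
            if (path == ENVIRON["LOOKUP"]) {
                n = split(FILENAME, d, "/")
                print d[n-2] "/" d[n-1], $(NF-1)
                found = 1
                exit
            }
        }
        END { exit !found }' "${2:-/var/db/pkg}"/*/*/CONTENTS 2>/dev/null
}

# audit_setuid [ROOT] [VDB]: classify every setuid file under ROOT as
#   OK        recorded by a package and md5 matches what was installed
#   MODIFIED  recorded by a package but content differs (or is unreadable)
#   UNOWNED   no installed package recorded it
audit_setuid() {
    root=${1%/}
    find "${root:-/}" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r file; do
        rel=${file#"$root"}
        if rec=$(vdb_lookup "$rel" "$2"); then
            sum=$(md5sum "$file" 2>/dev/null | cut -d' ' -f1)
            if [ "$sum" = "${rec##* }" ]; then state=OK; else state=MODIFIED; fi
            printf '%-9s %s (%s)\n' "$state" "$rel" "${rec% *}"
        else
            printf '%-9s %s\n' UNOWNED "$rel"
        fi
    done
}
```

Run `audit_setuid / /var/db/pkg` as root so the md5 comparison can read mode 4711 binaries. For a single file, `equery belongs <file>` (gentoolkit) or `qfile <file>` (portage-utils) answer the same ownership question.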