[OZAPRS] New to both Linux and Xastir. Having trouble gettingthe maps into the maps dir
Dave Horsfall
dave at horsfall.org
Thu Apr 16 13:40:34 EST 2009
On Mon, 13 Apr 2009, Geoff wrote:
> I have had this problem where root cannot read files - they were indeed
> set with 000 as the permission, but also had another attribute set
> (chattr) - I can't recall which one, but it is certainly possible to
> make a file unreadable to root. Root can however reset the attributes
> and permissions, if you know which attribute is set :-)
Yeah; I've also seen similar behaviour from device files, and also broken
applications that don't take uid==0 into account.
> This was found during investigation of a r00tkit on one of our boxes.
> We tend to learn a lot when tracing what has been done by the evil
> script kiddies ;-)
An early Penguin box that I was semi-administering (but not allowed to
firewall - sigh) was truly r00ted once (by the SSH compensation attack); I
was really impressed by the number of trojaned binaries that took great
efforts to mask themselves, so e.g. PS didn't show certain processes, and
LS certain files etc - the usual stuff.
> Even so, it's not really something that can be inherited from a download
> - it needs to be intentionally set that way.
Indeed, hence my remark.
-- Dave
_______________________________________________
Ozaprs mailing list
Ozaprs at aprs.net.au
http://aprs.net.au/mailman/listinfo/ozaprs
More information about the Ozaprs
mailing list