02-16-2007, 09:13 AM | #1 | Member | Registered: Oct 2004 | Posts: 337
Possible security bug with SU, or am I crazy?
I just tried to su, typed my password wrong, did Ctrl+C, and I got this:
Code:
[petdav@localhost ~]$ su
Password:
bash-3.1# su
[root@localhost petdav]#
It looks like I managed to su without entering the correct password. Is this legit, or did I type the right password and it was just taking longer than usual? It's never given me the bash-3.1# line before; it looks like init 3 or something. I was in Gnome and the graphics didn't flicker or anything, so it didn't hit init 3. Weird...
-Peter
02-16-2007, 01:03 PM | #2 | Moderator | Registered: May 2001 | Posts: 29,415
Quote:
Is this legit, or did I type the right password and it was just taking longer than usual?
If unsure, *always* first check the logs. So, what does your syslog say?
Quote:
It's never given me the bash-3.1# line before - it looks like init 3 or something. I was in Gnome and the graphics didn't flicker or anything, so it didn't hit init 3. weird...
No, that's not runlevel three; Bash just wasn't initialised with the resource files that set the prompt and such.
02-17-2007, 12:39 AM | #3 | Member (Original Poster) | Registered: Oct 2004 | Posts: 337
/var/log/messages gave me this:
Code:
Feb 16 11:25:45 localhost kernel: NET: Registered protocol family 10
Feb 16 11:25:45 localhost kernel: lo: Disabled Privacy Extensions
Feb 16 11:25:45 localhost kernel: Mobile IPv6
Feb 16 11:25:45 localhost kernel: fglrx: module license 'Proprietary. (C) 2002 - ATI Technologies, Starnberg, GERMANY' taints kernel.
Feb 16 11:25:45 localhost kernel: [fglrx] Maximum main memory to use for locked dma buffers: 802 MBytes.
Feb 16 11:25:45 localhost kernel: [fglrx] module loaded - fglrx 8.33.6 [Jan 8 2007] on minor 0
Feb 16 11:25:45 localhost kernel: ACPI: PCI Interrupt 0000:01:05.0[A] -> GSI 17 (level, low) -> IRQ 16
Feb 16 11:25:45 localhost pcscd: pcscdaemon.c:464:main() pcsc-lite 1.3.1 daemon ready.
Feb 16 11:25:45 localhost kernel: ACPI: AC Adapter [ACAD] (off-line)
Feb 16 11:25:45 localhost kernel: ACPI: Battery Slot [BAT1] (battery present)
Feb 16 11:25:45 localhost kernel: ACPI: Power Button (FF) [PWRF]
Feb 16 11:25:45 localhost kernel: ACPI: Power Button (CM) [PWRB]
Feb 16 11:25:45 localhost kernel: ACPI: Sleep Button (CM) [SLPB]
Feb 16 11:25:45 localhost kernel: ACPI: Lid Switch [LID]
Feb 16 11:25:45 localhost kernel: ibm_acpi: ec object not found
Feb 16 11:25:45 localhost kernel: ACPI: Video Device [VGA] (multi-head: yes rom: no post: no)
Feb 16 11:25:45 localhost kernel: md: Autodetecting RAID arrays.
Feb 16 11:25:45 localhost kernel: md: autorun ...
Feb 16 11:25:45 localhost kernel: md: ... autorun DONE.
Feb 16 11:25:45 localhost kernel: device-mapper: multipath: version 1.0.5 loaded
Feb 16 11:25:45 localhost kernel: EXT3 FS on dm-0, internal journal
Feb 16 11:25:45 localhost kernel: kjournald starting. Commit interval 5 seconds
Feb 16 11:25:45 localhost kernel: EXT3 FS on hda2, internal journal
Feb 16 11:25:45 localhost kernel: EXT3-fs: mounted filesystem with ordered data mode.
Feb 16 11:25:45 localhost kernel: SELinux: initialized (dev hda2, type ext3), uses xattr
Feb 16 11:25:45 localhost kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Feb 16 11:25:45 localhost kernel: Adding 1835000k swap on /dev/VolGroup00/LogVol01. Priority:-1 extents:1 across:1835000k
Feb 16 11:25:45 localhost kernel: SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
Feb 16 11:25:45 localhost kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Feb 16 11:25:45 localhost kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Feb 16 11:25:45 localhost kernel: Netfilter messages via NETLINK v0.30.
Feb 16 11:25:45 localhost kernel: ip_conntrack version 2.4 (7159 buckets, 57272 max) - 232 bytes per conntrack
Feb 16 11:25:45 localhost kernel: process `sysctl' is using deprecated sysctl (syscall) net.ipv6.neigh.lo.retrans_time; Use net.ipv6.neigh.lo.retrans_time_ms instead.
Feb 16 11:25:45 localhost kernel: ndiswrapper version 1.36 loaded (preempt=no,smp=yes)
Feb 16 11:25:45 localhost kernel: ndiswrapper: driver bcmwl5 (Broadcom,02/11/2005, 3.100.64.0) loaded
Feb 16 11:25:45 localhost kernel: ACPI: PCI Interrupt 0000:05:02.0[A] -> GSI 20 (level, low) -> IRQ 22
Feb 16 11:25:45 localhost kernel: ndiswrapper: using IRQ 22
Feb 16 11:25:45 localhost kernel: wlan0: ethernet device 00:14:a5:15:43:05 using NDIS driver: bcmwl5, version: 0x3644000, NDIS version: 0x501, vendor: '', 14E4:4318.5.conf
Feb 16 11:25:45 localhost kernel: wlan0: encryption modes supported: WEP; TKIP with WPA, WPA2, WPA2PSK; AES/CCMP with WPA, WPA2, WPA2PSK
Feb 16 11:25:45 localhost kernel: usbcore: registered new interface driver ndiswrapper
Feb 16 11:25:45 localhost kernel: ndiswrapper: changing interface name from 'wlan0' to 'eth1'
Feb 16 11:25:45 localhost kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready
Feb 16 11:25:45 localhost kernel: SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
Feb 16 11:25:45 localhost kernel: Bluetooth: L2CAP ver 2.8
Feb 16 11:25:45 localhost kernel: Bluetooth: L2CAP socket layer initialized
Feb 16 11:25:45 localhost kernel: Bluetooth: RFCOMM socket layer initialized
Feb 16 11:25:45 localhost kernel: Bluetooth: RFCOMM TTY layer initialized
Feb 16 11:25:45 localhost kernel: Bluetooth: RFCOMM ver 1.8
Feb 16 11:25:45 localhost kernel: Bluetooth: HIDP (Human Interface Emulation) ver 1.1
Feb 16 11:25:45 localhost hidd[2516]: Bluetooth HID daemon
Feb 16 11:25:46 localhost kernel: SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
Feb 16 11:25:46 localhost automount[2531]: lookup_read_master: lookup(nisplus): couldn't locat nis+ table auto.master
Feb 16 11:25:46 localhost kernel: SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
Feb 16 11:25:46 localhost kernel: SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
Feb 16 11:25:46 localhost hpiod: 1.6.12 accepting connections at 2208...
Feb 16 11:25:49 localhost gpm[2633]: *** info [startup.c(95)]:
Feb 16 11:25:49 localhost gpm[2633]: Started gpm successfully. Entered daemon mode.
Feb 16 11:25:54 localhost avahi-daemon[2742]: Found user 'avahi' (UID 70) and group 'avahi' (GID 70).
Feb 16 11:25:54 localhost avahi-daemon[2742]: Successfully dropped root privileges.
Feb 16 11:25:54 localhost avahi-daemon[2742]: avahi-daemon 0.6.16 starting up.
Feb 16 11:25:54 localhost avahi-daemon[2742]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Feb 16 11:25:55 localhost avahi-daemon[2742]: Successfully called chroot().
Feb 16 11:25:55 localhost avahi-daemon[2742]: Successfully dropped remaining capabilities.
Feb 16 11:25:55 localhost avahi-daemon[2742]: Loading service file /services/sftp-ssh.service.
Feb 16 11:25:55 localhost avahi-daemon[2742]: Network interface enumeration completed.
Feb 16 11:25:55 localhost avahi-daemon[2742]: Registering HINFO record with values 'I686'/'LINUX'.
Feb 16 11:25:55 localhost avahi-daemon[2742]: Server startup complete. Host name is localhost.local. Local service cookie is 3874812886.
Feb 16 11:25:55 localhost avahi-daemon[2742]: Service "SFTP File Transfer on localhost" (/services/sftp-ssh.service) successfully established.
Feb 16 11:26:03 localhost kernel: cdrom: This disc doesn't have any tracks I recognize!
Feb 16 11:26:10 localhost dhcdbd: Started up.
Feb 16 11:26:10 localhost NetworkManager: <information> starting...
Feb 16 11:26:10 localhost NetworkManager: <information> Adding VPN service 'org.freedesktop.NetworkManager.openvpn' with name 'openvpn' and program '/usr/bin/nm-openvpn-service'
Feb 16 11:26:11 localhost NetworkManager: <information> Adding VPN service 'org.freedesktop.NetworkManager.vpnc' with name 'vpnc' and program '/usr/bin/nm-vpnc-service'
Feb 16 11:26:11 localhost NetworkManager: <information> eth0: Device is fully-supported using driver '8139too'.
Feb 16 11:26:11 localhost NetworkManager: <information> nm_device_init(): waiting for device's worker thread to start
Feb 16 11:26:11 localhost kernel: eth0: link down
Feb 16 11:26:11 localhost kernel: ADDRCONF(NETDEV_UP): eth0: link is not ready
Feb 16 11:26:11 localhost NetworkManager: <information> nm_device_init(): device's worker thread started, continuing.
Feb 16 11:26:11 localhost NetworkManager: <information> Now managing wired Ethernet (802.3) device 'eth0'.
Feb 16 11:26:11 localhost NetworkManager: <information> Deactivating device eth0.
Feb 16 11:26:11 localhost kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready
Feb 16 11:26:11 localhost NetworkManager: <information> eth1: Device is fully-supported using driver 'ndiswrapper'.
Feb 16 11:26:11 localhost NetworkManager: <information> nm_device_init(): waiting for device's worker thread to start
Feb 16 11:26:11 localhost NetworkManager: <information> nm_device_init(): device's worker thread started, continuing.
Feb 16 11:26:11 localhost NetworkManager: <information> Now managing wireless (802.11) device 'eth1'.
Feb 16 11:26:11 localhost NetworkManager: <information> Deactivating device eth1.
Feb 16 11:26:11 localhost NetworkManager: <WARNING> nm_device_802_11_wireless_set_essid (): error setting ESSID to '' for device eth1: Invalid argument
Feb 16 11:26:12 localhost smartd[2895]: smartd version 5.36 [i386-redhat-linux-gnu] Copyright (C) 2002-6 Bruce Allen
Feb 16 11:26:12 localhost smartd[2895]: Home page is http://smartmontools.sourceforge.net/
Feb 16 11:26:12 localhost smartd[2895]: Opened configuration file /etc/smartd.conf
Feb 16 11:26:12 localhost smartd[2895]: Configuration file /etc/smartd.conf parsed.
Feb 16 11:26:12 localhost smartd[2895]: Device: /dev/hda, opened
Feb 16 11:26:12 localhost smartd[2895]: Device: /dev/hda, found in smartd database.
Feb 16 11:26:13 localhost smartd[2895]: Device: /dev/hda, is SMART capable. Adding to "monitor" list.
Feb 16 11:26:13 localhost smartd[2895]: Monitoring 1 ATA and 0 SCSI devices
Feb 16 11:26:13 localhost smartd[2897]: smartd has fork()ed into background mode. New PID=2897.
Feb 16 11:26:16 localhost pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found
Feb 16 11:26:16 localhost last message repeated 3 times
Feb 16 11:26:19 localhost kernel: [fglrx] PCIe has already been initialized. Reinitializing ...
Feb 16 11:26:51 localhost gconfd (petdav-3117): starting (version 2.14.0), pid 3117 user 'petdav'
Feb 16 11:26:51 localhost gconfd (petdav-3117): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Feb 16 11:26:51 localhost gconfd (petdav-3117): Resolved address "xml:readwrite:/home/petdav/.gconf" to a writable configuration source at position 1
Feb 16 11:26:51 localhost gconfd (petdav-3117): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Feb 16 11:26:54 localhost hcid[2426]: Default passkey agent (:1.11, /org/bluez/applet) registered
Feb 16 11:26:55 localhost gconfd (petdav-3117): Resolved address "xml:readwrite:/home/petdav/.gconf" to a writable configuration source at position 0
Feb 16 11:26:59 localhost pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found
Feb 16 11:27:00 localhost last message repeated 4 times
Feb 16 11:27:02 localhost yum-updatesd: error getting update info: Cannot open/read repomd.xml file for repository: livna
Feb 16 11:27:04 localhost NetworkManager: <information> Updating allowed wireless network lists.
Feb 16 11:27:56 localhost kernel: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
Feb 16 11:27:57 localhost avahi-daemon[2742]: New relevant interface eth1.IPv6 for mDNS.
Feb 16 11:27:57 localhost avahi-daemon[2742]: Joining mDNS multicast group on interface eth1.IPv6 with address fe80::214:a5ff:fe15:4305.
Feb 16 11:27:57 localhost avahi-daemon[2742]: Registering new address record for fe80::214:a5ff:fe15:4305 on eth1.
Feb 16 11:28:03 localhost dhclient: Internet Systems Consortium DHCP Client V3.0.5-RedHat
Feb 16 11:28:03 localhost dhclient: Copyright 2004-2006 Internet Systems Consortium.
Feb 16 11:28:03 localhost dhclient: All rights reserved.
Feb 16 11:28:03 localhost dhclient: For info, please visit http://www.isc.org/sw/dhcp/
Feb 16 11:28:03 localhost dhclient:
Feb 16 11:28:03 localhost dhclient: Listening on LPF/eth1/00:14:a5:15:43:05
Feb 16 11:28:03 localhost dhclient: Sending on LPF/eth1/00:14:a5:15:43:05
Feb 16 11:28:03 localhost dhclient: Sending on Socket/fallback
Feb 16 11:28:03 localhost dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Feb 16 11:28:03 localhost dhclient: DHCPACK from 10.16.0.2
Feb 16 11:28:03 localhost avahi-daemon[2742]: New relevant interface eth1.IPv4 for mDNS.
Feb 16 11:28:03 localhost avahi-daemon[2742]: Joining mDNS multicast group on interface eth1.IPv4 with address 10.16.5.240.
Feb 16 11:28:03 localhost avahi-daemon[2742]: Registering new address record for 10.16.5.240 on eth1.
Feb 16 11:28:03 localhost avahi-daemon[2742]: Withdrawing address record for 10.16.5.240 on eth1.
Feb 16 11:28:03 localhost avahi-daemon[2742]: Leaving mDNS multicast group on interface eth1.IPv4 with address 10.16.5.240.
Feb 16 11:28:03 localhost avahi-daemon[2742]: iface.c: interface_mdns_mcast_join() called but no local address available.
Feb 16 11:28:03 localhost avahi-daemon[2742]: Interface eth1.IPv4 no longer relevant for mDNS.
Feb 16 11:28:03 localhost avahi-daemon[2742]: New relevant interface eth1.IPv4 for mDNS.
Feb 16 11:28:03 localhost avahi-daemon[2742]: Joining mDNS multicast group on interface eth1.IPv4 with address 10.16.5.240.
Feb 16 11:28:03 localhost avahi-daemon[2742]: Registering new address record for 10.16.5.240 on eth1.
Feb 16 11:28:03 localhost NET[3459]: /sbin/dhclient-script : updated /etc/resolv.conf
Feb 16 11:28:03 localhost dhclient: bound to 10.16.5.240 -- renewal in 201915 seconds.
Feb 16 11:40:05 localhost gnome-power-manager: (petdav) Suspending computer because the lid has been closed on battery power
Feb 16 11:40:05 localhost NetworkManager: <information> Going to sleep.
Feb 16 11:40:05 localhost avahi-daemon[2742]: Interface eth1.IPv6 no longer relevant for mDNS.
Feb 16 11:40:05 localhost avahi-daemon[2742]: Leaving mDNS multicast group on interface eth1.IPv6 with address fe80::214:a5ff:fe15:4305.
Feb 16 11:40:05 localhost avahi-daemon[2742]: Interface eth1.IPv4 no longer relevant for mDNS.
Feb 16 11:40:05 localhost avahi-daemon[2742]: Leaving mDNS multicast group on interface eth1.IPv4 with address 10.16.5.240.
Feb 16 11:40:05 localhost avahi-daemon[2742]: Withdrawing address record for fe80::214:a5ff:fe15:4305 on eth1.
Feb 16 11:40:05 localhost avahi-daemon[2742]: Withdrawing address record for 10.16.5.240 on eth1.
Feb 16 11:40:05 localhost dhclient: receive_packet failed on eth1: Network is down
Feb 16 11:40:10 localhost hidd[2516]: Exit
Feb 16 11:40:11 localhost sdpd[2430]: terminating...
Feb 16 11:40:11 localhost hcid[2426]: Unregister path:/org/bluez/hci0
Feb 16 11:40:11 localhost hcid[2426]: Unregister path:/org/bluez
Feb 16 11:40:11 localhost hcid[2426]: Exit
I see nothing pertinent to su, but I may be wrong. I had to truncate it a little, but I only cut some leading boot-up info.
-Peter
Last edited by unSpawn; 02-17-2007 at 04:45 AM.
Reason: //moderator adds BB code tags for readability
02-17-2007, 05:45 AM | #4 | Member | Registered: Aug 2004 | Location: India | Distribution: Redhat 9.0, FC3, FC5, FC10 | Posts: 257
I guess "su" would be logged somewhere else, plus you'd have to have "su" logging enabled.
I'm guessing it's just a typo and you've actually already put in the correct password. Try and recreate the problem again. When you got the bash-3.1# prompt you were already root, so the su after that isn't really relevant.
Try and log on as a normal user and do a su with a wrong password again, and post back if the behaviour repeats itself. Unless you have a miraculously slow disk I would pretty much rule out speed being the issue, though, unless you're doing all your logins from a remote server and all such logins are slow (root and non-root).
Post back with an update if there are still problems.
Cheers
Arvind
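Added example, not from any poster in this thread: a small Python script that does what the moderator's "check the logs" advice and Arvind's "su would be logged somewhere else" point both come down to. On Fedora-era systems su authenticates through PAM, and pam_unix logs to the authpriv facility, which the stock syslog.conf sends to /var/log/secure rather than /var/log/messages, so the dump above would not show it. The sample lines below are constructed in the pam_unix format (year, tty and uid values are assumptions, not taken from the thread). The script pairs every "session opened for user root by petdav(uid=500)" line with any authentication failures by the same caller shortly before it: a session line means PAM accepted a password, and a root shell with no session line at all would be the thing to worry about.

```python
"""Correlate su session opens with preceding auth failures in a pam_unix log."""
import re
from datetime import datetime, timedelta

# Constructed sample of /var/log/secure lines (Fedora/RHEL pam_unix format).
# Not from the thread; tty, uid and timestamps are assumed values.
SAMPLE_SECURE_LOG = """\
Feb 16 11:31:02 localhost su: pam_unix(su:auth): authentication failure; logname=petdav uid=500 euid=0 tty=pts/1 ruser=petdav rhost=  user=root
Feb 16 11:31:09 localhost su: pam_unix(su:session): session opened for user root by petdav(uid=500)
Feb 16 11:31:09 localhost su: pam_unix(su:session): session opened for user root by (uid=0)
Feb 16 11:45:30 localhost su: pam_unix(su:session): session closed for user root
Feb 16 11:45:31 localhost su: pam_unix(su:session): session closed for user root
"""

# syslog prefix + "su:" or "su[pid]:" + pam_unix(su:<module>): <message>
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ su(?:\[\d+\])?: "
    r"pam_unix\(su:(?P<module>auth|session)\): (?P<msg>.*)$"
)
# \b keeps "uid=" from matching inside "euid=" and "user=" inside "ruser="
FAIL_RE = re.compile(
    r"authentication failure;.*?\buid=(?P<uid>\d+).*?\btty=(?P<tty>\S*).*?\buser=(?P<target>\S+)"
)
# "by petdav(uid=500)" for a normal user, "by (uid=0)" when root runs su again
OPEN_RE = re.compile(r"session opened for user (?P<target>\S+) by (?P<by>\S*)\(uid=(?P<uid>\d+)\)")


def parse_su_events(text, year=2007):
    """Return su auth-failure and session-open events; closes are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["module"] == "auth":
            f = FAIL_RE.search(m["msg"])
            if f:
                events.append({"ts": ts, "kind": "fail", "caller_uid": int(f["uid"]),
                               "target": f["target"], "tty": f["tty"]})
        else:
            o = OPEN_RE.search(m["msg"])
            if o:
                events.append({"ts": ts, "kind": "open", "caller_uid": int(o["uid"]),
                               "caller": o["by"], "target": o["target"]})
    return events


def correlate_su_opens(events, window=timedelta(seconds=60)):
    """For each session open, count failures by the same caller for the same
    target within `window` before it (a retry after a wrong password)."""
    results = []
    for ev in events:
        if ev["kind"] != "open":
            continue
        prior = [f for f in events
                 if f["kind"] == "fail"
                 and f["caller_uid"] == ev["caller_uid"]
                 and f["target"] == ev["target"]
                 and timedelta(0) <= ev["ts"] - f["ts"] <= window]
        results.append({"ts": ev["ts"], "caller_uid": ev["caller_uid"],
                        "target": ev["target"], "failures_before": len(prior)})
    return results


def report(text, year=2007):
    """Human-readable verdict per su session open."""
    lines = []
    for r in correlate_su_opens(parse_su_events(text, year)):
        if r["failures_before"]:
            verdict = f"password accepted after {r['failures_before']} failed attempt(s)"
        else:
            verdict = "no failed attempt in window"
        lines.append(f"{r['ts']:%b %d %H:%M:%S} su to {r['target']} "
                     f"by uid {r['caller_uid']}: {verdict}")
    return lines


if __name__ == "__main__":
    # On a real box: report(open("/var/log/secure").read(), year=2007)
    print("\n".join(report(SAMPLE_SECURE_LOG)))
```

Run it against the real file as root; if the interrupted attempt produced a "session opened" line, the password was accepted and the bash-3.1# prompt was just a shell that never finished reading its startup files. If there is no session line for that time, the shell did not come from a completed su authentication and the box needs a closer look.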
02-17-2007, 04:26 PM | #5 | Senior Member | Registered: Jul 2003 | Location: Silicon Valley, USA | Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5 | Posts: 3,660
It's possible that there are some commands in root's .profile, .bash_profile, or .bashrc that could take a long time to return (maybe they rely on DNS and the request timed out?). In that case you probably typed the correct password and your process had already changed UID to 0, but it was still trying to load the profile stuff, which is what you Ctrl+C'd out of.