security hole in mandy 2k9?
Hi guys, I've had a "weird" experience with my mandy 2k9. A few days ago I downloaded wine for mandy 2k9. I placed it in my home directory, and eventually I double-clicked my wine file in user mode. MDV asked whether it should install or just save. I answered install, and mandy installed it for me.
I looked in my home directory hoping there was some wine file in there, but I found nothing. I brought up konsole and typed "whereis wine", and the answer quite shocked me: wine is installed in the /usr directory! I wasn't even using my root account when I installed it. But why did wine have access to my /usr directory without even asking me for a root/su password? Is there a possibility that this is a security hole in mandy 2k9? Btw, I've used this method before in mandy 2k8 and even in mandy 10; both asked for my root/su pass before installing the s/w.
Why didn't you install wine from the repositories? I don't know where you downloaded wine from, there's a reason why files are digitally signed in the repositories. Why did you continue to install when no root password was requested?
Please output the result of the following commands:
cd /
ls -l | grep usr
Let's check that there isn't write access for other on /usr first.
If ls -ld /usr shows anything other than drwxr-xr-x ... with particular attention to the six characters in bold-face, then you have a very serious security exposure here.
You should not be able to successfully issue the (harmless...) command touch /usr/fubar. The command should not succeed in creating a file named fubar in that directory (which, btw, is the only thing it attempts to do, and if it does, simply remove the file). The complete output from this ls -l command on my system consists of the following, and for your edification I will explain it:
drwxr-xr-x 15 root root 464 Sep 6 2007 /usr
See also: man ls
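The permission check described in the post above, written as a script; this is an added example, not part of the original thread. It goes beyond /usr to a few other system directories (that list is an assumption, not taken from the posts), and the function names check_dir and audit_system_dirs are hypothetical.

```shell
#!/bin/sh
# Added example: audit system directories for unexpected write access.
# Assumes GNU coreutils `stat` (standard on Linux distributions).

# check_dir PATH [OWNER]
# Returns 0 if PATH is a directory owned by OWNER (default: root) with no
# group- or other-write bit; otherwise prints the reason and returns 1.
check_dir() {
    dir=$1
    want_owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "SKIP  $dir: not a directory"
        return 1
    fi
    # -L follows symlinks (a symlink's own mode is always 777, which would
    # be a false alarm); %U = owner, %G = group, %a = octal mode such as 755
    set -- $(stat -L -c '%U %G %a' "$dir")
    owner=$1 group=$2 mode=$3
    bad=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL  $dir: owned by $owner, expected $want_owner"
        bad=1
    fi
    # 020 = group write, 002 = other write; the leading 0 makes it octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL  $dir: mode $mode is writable by group or other"
        bad=1
    fi
    [ "$bad" -eq 0 ] && echo "OK    $dir: $owner:$group $mode"
    return "$bad"
}

# Run the check over /usr and other common system directories.
audit_system_dirs() {
    rc=0
    for d in /usr /usr/bin /usr/sbin /usr/lib /bin /sbin /etc; do
        [ -d "$d" ] || continue
        check_dir "$d" root || rc=1
    done
    return "$rc"
}

audit_system_dirs || echo "One or more system directories need attention."
```

A FAIL line for /usr corresponds to the "anything other than drwxr-xr-x" case in the post; an ordinary user being able to install into /usr would be consistent with it.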
Thx for all your posts bro. I've double-checked the security on my mandy as sundialcvs and r3sistence suggested and looked at my looong root log; in there I found some strange activity. Someone broke into my root account using my root pass. Wew, I don't believe it, someone broke into my root account using my pass note that I had thrown in the garbage (even though I'd shredded it in a paper shredder).
Thx for the answer bro, I'm sorry it took so long for me to answer this post coz I took a vacation for a couple of weeks. THX BRO..
If it's a local login, that's possible, they could also have done a password reset too. If it isn't local access then it's quite possibly a root kit. Either way your safest bet might just have to be to reinstall the system.