LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-06-2009, 03:49 AM   #1
zectersys
LQ Newbie
 
Registered: Jan 2009
Location: jakarta
Distribution: mandriva2K9, Ubuntu 9.04, DSL
Posts: 25

Rep: Reputation: 15
security hole in mandy 2k9?


Hi guys, i've got some "weird" experience with my mandy 2k9. Few days ago i've been download wine for mandy 2k9. I placed it on my home directory, eventually i double click my wine file in user mode. MDV ask it would be install or just save. I answer it install, and mandy install it for me.

I look up in my home directory wishing there was some wine file in there but i found nothing. I bring up konsole and typing "whereis wine" and the answer is quit make me shock, the wine is installed in /usr directory! I'm even not use my root account when i install it. But why was wine have access my /usr directory without even asking me a root/su password. Is there a possibility that this was one security hole in mandy 2k9?

Btw i've been using this method before in mandy 2k8 or even in mandy 10, both are asking my root/su pass before install the s/w.
 
Old 03-06-2009, 04:00 AM   #2
{BBI}Nexus{BBI}
Senior Member
 
Registered: Jan 2005
Location: Nottingham, UK
Distribution: Mageia 6, KDE Neon
Posts: 4,313

Rep: Reputation: 212Reputation: 212Reputation: 212
Why didn't you install wine from the repositories? I don't know where you downloaded wine from, there's a reason why files are digitally signed in the repositories. Why did you continue to install when no root password was requested?
 
Old 03-06-2009, 07:06 AM   #3
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
Please output the result to the following commands

cd /
ls -l | grep usr

let's check that their isn't write access for other on /usr first.

Last edited by r3sistance; 03-06-2009 at 07:10 AM.
 
Old 03-06-2009, 11:14 AM   #4
zectersys
LQ Newbie
 
Registered: Jan 2009
Location: jakarta
Distribution: mandriva2K9, Ubuntu 9.04, DSL
Posts: 25

Original Poster
Rep: Reputation: 15
Quote:
Why didn't you install wine from the repositories? I don't know where you downloaded wine from, there's a reason why files are digitally signed in the repositories. Why did you continue to install when no root password was requested?
I'm just curious, coz i've been doing this before ( i install some game if i'm not mistaken)and the installer install the program in my home directory. I think this program behave the same way as my previous programs.
 
Old 03-06-2009, 11:19 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,574
Blog Entries: 4

Rep: Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890Reputation: 3890
If ls -ld /usr shows anything other than drwxr-xr-x ... with particular attention to the six characters in bold-face, then you have a very serious security exposure here.

You should not be able to successfully issue the (harmless...) command touch /usr/fubar. The command [i]should[/u] not succeed in creating a file named fubar in that directory (which, btw, is the only thing it attempts to do, and if it does, simply remove the file).

The complete output from this ls -l command on my system consists of the following, and for your edification I will explain it:
drwxr-xr-x 15 root root 464 Sep 6 2007 /usr
  • The leftmost d indicates that this is a directory.
  • The part of the string is a group of three 3-character groups, corresponding to owner, group-members, and others. It indicates that the owner has full-permission ("read, write, execute"); but others cannot "write."
  • The next two words indicate that root is the owner, and that the associated group (for permission-purposes) is also coincidentally named root. (You may also see numbers here instead of names, if a name associated with a particular number cannot be found.)
  • The remaining items are: the number of entries, the last modification date, and the name itself.

See also: man ls
 
Old 03-18-2009, 11:03 AM   #6
zectersys
LQ Newbie
 
Registered: Jan 2009
Location: jakarta
Distribution: mandriva2K9, Ubuntu 9.04, DSL
Posts: 25

Original Poster
Rep: Reputation: 15
Thx for all your post bro, I,ve been double check the security in my mandy as sundialcvs and r3sistence suggestion and looking at my looong root log, in there i found some strange activity. Someone broke into my root account using my root pass. wew, i don't believe it someone broke into my root account using my pass note that i've been thrown in the garbage ( eventhough i've shrewd it in paper shredder).

Thx for the answer bro, I'm sorry it's take to long for me answer this post coz i take some vacation for couple of week. THX BRO..
 
Old 03-18-2009, 01:18 PM   #7
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
If it's a local login, that's possible, they could also have done a password reset too. If it isn't local access then it's quite possibly a root kit. Either way your safest bet might just have to be to reinstall the system.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is mysql not supported in mandy 2k9 zectersys Linux - Newbie 7 02-25-2009 03:32 PM
x11vnc security hole to X? nakko Linux - Security 4 06-19-2006 07:26 PM
check the security hole ust Linux - Security 6 09-10-2004 06:42 PM
security hole or convenience? carboncopy Slackware 3 08-13-2003 04:07 AM
Security Hole in PHP 4.3.0 Crashed_Again Linux - Security 1 03-01-2003 04:29 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 03:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration