03-06-2009, 03:49 AM
|
#1
|
LQ Newbie
Registered: Jan 2009
Location: jakarta
Distribution: mandriva2K9, Ubuntu 9.04, DSL
Posts: 25
Rep:
|
security hole in mandy 2k9?
Hi guys, I've had a "weird" experience with my mandy 2k9. A few days ago I downloaded wine for mandy 2k9. I placed it in my home directory, and eventually I double-clicked my wine file in user mode. MDV asked whether it should be installed or just saved. I answered install, and mandy installed it for me.
I looked in my home directory expecting to find some wine files there, but I found nothing. I brought up konsole and typed "whereis wine", and the answer quite shocked me: wine is installed in the /usr directory! I didn't even use my root account when I installed it. Why did wine have access to my /usr directory without even asking me for a root/su password? Is there a possibility that this is a security hole in mandy 2k9?
Btw, I've used this method before in mandy 2k8 and even in mandy 10; both asked for my root/su pass before installing the s/w.
|
|
|
03-06-2009, 04:00 AM
|
#2
|
Senior Member
Registered: Jan 2005
Location: Nottingham, UK
Distribution: Mageia 6, KDE Neon
Posts: 4,313
|
Why didn't you install wine from the repositories? I don't know where you downloaded wine from; there's a reason why files are digitally signed in the repositories. Why did you continue to install when no root password was requested?
|
|
|
03-06-2009, 07:06 AM
|
#3
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
Please output the result of the following commands:
cd /
ls -l | grep usr
Let's check that there isn't write access for other on /usr first.
Last edited by r3sistance; 03-06-2009 at 07:10 AM.
|
|
|
03-06-2009, 11:14 AM
|
#4
|
LQ Newbie
Registered: Jan 2009
Location: jakarta
Distribution: mandriva2K9, Ubuntu 9.04, DSL
Posts: 25
Original Poster
Rep:
|
Quote:
Why didn't you install wine from the repositories? I don't know where you downloaded wine from; there's a reason why files are digitally signed in the repositories. Why did you continue to install when no root password was requested?
|
I'm just curious, coz I've done this before (I installed some game, if I'm not mistaken) and the installer installed the program in my home directory. I think this program behaves the same way as my previous programs.
|
|
|
03-06-2009, 11:19 AM
|
#5
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,057
|
If ls -ld /usr shows anything other than drwxr-xr-x ... with particular attention to the six characters in bold-face, then you have a very serious security exposure here.
You should not be able to successfully issue the (harmless...) command touch /usr/fubar. The command should not succeed in creating a file named fubar in that directory (which, btw, is the only thing it attempts to do, and if it does, simply remove the file).
The complete output from this ls -l command on my system consists of the following, and for your edification I will explain it:
drwxr-xr-x 15 root root 464 Sep 6 2007 /usr
- The leftmost d indicates that this is a directory.
- The part of the string is a group of three 3-character groups, corresponding to owner, group-members, and others. It indicates that the owner has full-permission ("read, write, execute"); but others cannot "write."
- The next two words indicate that root is the owner, and that the associated group (for permission-purposes) is also coincidentally named root. (You may also see numbers here instead of names, if a name associated with a particular number cannot be found.)
- The remaining items are: the number of entries, the last modification date, and the name itself.
See also: man ls
|
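An added example, not part of any post in this thread: a POSIX shell function that automates the check post #5 does by eye, reading the mode string and owner from `ls -ldn` and asking the same question as `touch /usr/fubar` without creating a file. The function name `check_dir`, the default expected owner of uid 0, and the directory list at the bottom are assumptions made for this example.

```shell
#!/bin/sh
# Added example: automates the by-eye permission check from post #5.
# check_dir PATH [EXPECTED_UID]
#   prints one line per finding; returns 0 if clean, 1 on findings, 2 on error

check_dir() {
    dir=$1
    want_uid=${2:-0}    # assumption: system directories belong to uid 0 (root)
    rc=0

    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 2
    fi

    # ls -ldn prints e.g. "drwxr-xr-x 15 0 0 464 Sep  6  2007 /usr";
    # -L follows a symlink such as /usr/sbin -> bin so the target is judged.
    line=$(ls -ldnL "$dir")
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')

    # Characters 6 and 9 of the mode string are the group and other write bits.
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)

    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid"; rc=1
    fi
    if [ "$group_w" = "w" ]; then
        echo "$dir: group-writable ($mode)"; rc=1
    fi
    if [ "$other_w" = "w" ]; then
        echo "$dir: world-writable ($mode)"; rc=1
    fi
    # Same question as `touch /usr/fubar`, asked without creating a file.
    if [ "$(id -u)" != "$want_uid" ] && [ -w "$dir" ]; then
        echo "$dir: writable by current uid $(id -u)"; rc=1
    fi
    return $rc
}

# Constructed list of directories to audit; adjust for the system at hand.
for d in /usr /usr/bin /usr/lib /usr/sbin; do
    if [ -d "$d" ]; then
        check_dir "$d" || true
    fi
done
```

Run it as an ordinary user: no output means every listed directory is root-owned, not group- or world-writable, and not writable by the account running the check.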
|
|
03-18-2009, 11:03 AM
|
#6
|
LQ Newbie
Registered: Jan 2009
Location: jakarta
Distribution: mandriva2K9, Ubuntu 9.04, DSL
Posts: 25
Original Poster
Rep:
|
Thx for all your posts bro. I've double-checked the security in my mandy as sundialcvs and r3sistance suggested and looked at my looong root log; in there I found some strange activity. Someone broke into my root account using my root pass. Wew, I don't believe it: someone broke into my root account using my pass note that I had thrown in the garbage (even though I'd shredded it in a paper shredder).
Thx for the answer bro. I'm sorry it took so long for me to answer this post, coz I took a vacation for a couple of weeks. THX BRO..
|
|
|
03-18-2009, 01:18 PM
|
#7
|
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375
|
If it's a local login, that's possible; they could also have done a password reset. If it isn't local access, then it's quite possibly a rootkit. Either way, your safest bet might just have to be to reinstall the system.
|
|
|