[KLUG Members] Flame bait - execve(),SUID shells
Ted Juszczak
members@kalamazoolinux.org
Sat, 14 Jul 2001 21:53:46 -0400
I have a shell account at a free Linux server in Texas
called sdf.lonestar.org.
http://www.lonestar.org/sdf
For a $32 donation, you can, for a lifetime (its, not yours)
get additional perks - called an ARPA account.
It's quite open, offering free email and most of the
amenities of a shell account, including web browsing
with lynx as well as chat on IRC. It's been in existence
7 or 8 years as I recall.
Recently it was hacked into apparently using an "execve() system
call where malicious code can be executed via almost any binary"
that affects all [linux] kernels 2.2.18 and below.
See:
http://www.lonestar.org/sdf/news.html
The whole system was down for several days this week as the
administrator looks for sniffers, trojans and backdoors.
At the same time the owner is switching over to an Alpha-based
server and NetBSD with a 1.5 mb connection.
He's probably going to abandon telnet, ftp, and pop3.
Along the same line, here is a page that describes perhaps
a related issue.
http://www.phila.geek.org.uk/phila/hawza/suid.html
Ted & Thad Juszczak
linkmasters
linkmaster@kalamazoolinux.org