[KLUG Members] Flame bait - execve(),SUID shells

Ted Juszczak members@kalamazoolinux.org
Sat, 14 Jul 2001 21:53:46 -0400


I have a shell account at a free Linux server in Texas
called sdf.lonestar.org.

http://www.lonestar.org/sdf

For a $32 donation, you can, for a lifetime (its, not yours),
get additional perks - called an ARPA account.

It's quite open, offering free email and most of the
amenities of a shell account, including web browsing
with lynx as well as chat on IRC. It's been in existence
7 or 8 years as I recall.

Recently it was hacked into apparently using an "execve() system
call where malicious code can be executed via almost any binary"
that affects all [linux] kernels 2.2.18 and below.

See:

http://www.lonestar.org/sdf/news.html

The whole system was down for several days this week as the
administrator looks for sniffers, trojans and backdoors.

At the same time the owner is switching over to an Alpha-based
server and NetBSD with a 1.5 mb connection.

He's probably going to abandon telnet, ftp, and pop3.

Along the same line, here is a page that describes perhaps
a related issue. 

http://www.phila.geek.org.uk/phila/hawza/suid.html


Ted & Thad Juszczak
linkmasters
linkmaster@kalamazoolinux.org