Re: Root can't delete files
From: William York (why317@yahoo.com)Date: 10/10/01
- Previous message: Simon Byrnand: "Re: Root can't delete files"
- In reply to: Thanas: "Root can't delete files"
- Next in thread: Brian Kejser: "Re: Root can't delete files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20011010190725.35640.qmail@web11601.mail.yahoo.com> Date: Wed, 10 Oct 2001 12:07:25 -0700 (PDT) From: William York <why317@yahoo.com> Subject: Re: Root can't delete files To: Thanas <thanas@infinito.it>, Focus Linux <focus-linux@securityfocus.com>
>
> after an intrusion in a linux system (2.2) using (I suppose) a
> vulnerability in bind 8.2.2 I've experienced a strange behaviour:
>
I'd say it's time to upgrade to a later version of BIND.
>
> the attacker installed a corrupted version of /bin/login
>
If /bin/login is suspect, what makes you think the rest of the system
is O.K.?
> and when i typed:
>
> # mv /safe/version/path/login /bin/login
>
> I just obtained the message 'Operation not permitted' ... How is
> it possible ? I had to use low level tools directly on the ext2
> filesystem to delete that file ...
>
Um, I'd look first at a corrupted version of 'rm', 'mv' and all other
executables. I would personally recommend that you back up critical
data and baseline the system, making sure that you change all
passwords along the way. Once the system has been compromised once,
especially as 'root', it's very hard and very tedious to repair it.
Good luck,
-Bill
__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com
- Previous message: Simon Byrnand: "Re: Root can't delete files"
- In reply to: Thanas: "Root can't delete files"
- Next in thread: Brian Kejser: "Re: Root can't delete files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
