Re: Group permissions changed

From: Eduardo Tongson (propolice_at_gmail.com)
Date: 09/29/05

  • Next message: joop gerritse: "Re: Group permissions changed"
    Date: Thu, 29 Sep 2005 16:45:22 +0000
    To: focus-linux@securityfocus.com
    
    

    On 28 Sep 2005 18:33:24 -0000, sf_submit@yahoo.com <sf_submit@yahoo.com> wrote:
    > I posted this before on the security basics, but haven't recieved a response, and it worries me a bit, so I'm sending this to a few other groups in hopes that someone will have an idea about it.
    >
    > ---
    >
    > Fairly recently I noticed my ftp client wouldn't list files in certain directories on my server anymore - so I ssh'd in (it's dedicated), and did a ls -aFl on the files, hoping to see what the problem was - here are a few of the results:
    >
    > -rw-r--r-- 1 larry 503 371 2005-02-25 08:36 head.php
    > -rw-r--r-- 1 larry 48 873 2005-09-09 03:23 foot.php
    >
    > I never set the group ids to 503 or 48, so I checked just to make sure - and no groups with those ids even exist. Is there an exploit/tool that causes this, and should I be worried?
    >

    503 and 48 has [r] rights only no need to worry.
    Whoever uploaded the files probably had the owner/group preserved.

    > I checked the processes running, and everything seems to be OK - same with any processes connecting to the internet.

    Ask or check how these files are uploaded.

    --ed


  • Next message: joop gerritse: "Re: Group permissions changed"