Re: hack that changes root to Root
From: William York (why317@yahoo.com)Date: 02/28/02
- Previous message: Wirth, Jeff: "RE: Strange DNS stuff"
- In reply to: james: "Re: hack that changes root to Root"
- Next in thread: Mike Shaw: "Re: hack that changes root to Root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: William York <why317@yahoo.com> To: "james" <jamesh@cybermesa.com>, "Yotam Rubin" <yotam@makif.omer.k12.il> Date: Wed, 27 Feb 2002 23:38:13 +0000
> This is from the command vipw, and "root" was "Root", changed all 'root'
> ownership changed to Root.
> Only 3 people know roots passwd, and a look at their keystaoke history
> indicates none changed root to Root
Two things came to mind while reading this thread:
(1) Remember that the ownership is really user ID 0, and 'ls' simply looks up
the username based up on this UID; trust me, I've changed 'root' to 'god' so
that 'god' now owns the system, mostly for levity in the office.
(2) Many escape sequences from function keys, including 'Insert' have a tilde
'~' within them; in 'vi' the tilde changes case of the current character.
I'm not saying you're not seeing a hack. I'm simply suggesting that this may
be a simple clumbsy-fingered mistake instead of an intrusion.
Happy hunting,
-Bill
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Wirth, Jeff: "RE: Strange DNS stuff"
- In reply to: james: "Re: hack that changes root to Root"
- Next in thread: Mike Shaw: "Re: hack that changes root to Root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
