Re: Can't remove file as root
From: Sven Vermeulen (
sven.vermeulen@rug.ac.be)
Date: 02/23/02
From: sven.vermeulen@rug.ac.be (Sven Vermeulen)
Date: Sat, 23 Feb 2002 13:27:37 GMT
On Sat, 23 Feb 2002 13:29:33 +0100, Teddy <bla@bla.bla> wrote:
> I have the problem, that I can't remove a file as root anymore, and I
> don't know why. The file was replaced by a hacker.
~# chattr -i ./ps
~# rm ./ps
Wkr,
Sven Vermeulen
PS Please follow the other post's advise: once a box has been compromised,
you have zero idea what the hacker has done. The only way to be certain is to
reinstall everything, replace the backups and be more carefull in the future.
--
Some stuff you might not know:
~$ is the user-prompt. You don't have to type this.
~# is the root-prompt. You don't have to type this, but you do
need to be root in order to execute the command.
Relevant Pages
- Re: Cant remove file as root
... > I have the problem, that I can't remove a file as root anymore, ... The file was replaced by a hacker. ... > chmod: ps: Operation not permitted ... Unplug it NOW from ...
(comp.security.unix) - Cant remove file as root
... I have the problem, that I can't remove a file as root anymore, and I ... The file was replaced by a hacker. ... chmod: ps: Operation not permitted ... Teddy ...
(comp.security.unix) - Re: Mac OS X hacked under 30 minutes
... It was mentioned quite a few times that to do any damage to someone running in a restricted account, the file downloaded through iChat or run via the Safari download vulnerability would first have to request the user's password. ... However, this hacking contest has shown that is not the case, and any code that was executed by those earlier methods could have used the same technique to elevate their priviliges and execute as root. ... Well, assuming the report is accurate in saying the hacker exploited a local vulnerability, then any code executed by a regular user can use the same vulnerability. ...
(comp.sys.mac.advocacy) - Re: Mac OS X hacked under 30 minutes
... It was mentioned quite a few times that to do any damage to someone running in a restricted account, the file downloaded through iChat or run via the Safari download vulnerability would first have to request the user's password. ... However, this hacking contest has shown that is not the case, and any code that was executed by those earlier methods could have used the same technique to elevate their priviliges and execute as root. ... Well, assuming the report is accurate in saying the hacker exploited a local vulnerability, then any code executed by a regular user can use the same vulnerability. ...
(comp.sys.mac.advocacy) - Re: Mac OS X hacked under 30 minutes
... It was mentioned quite a few times that to do any damage to someone running in a restricted account, the file downloaded through iChat or run via the Safari download vulnerability would first have to request the user's password. ... However, this hacking contest has shown that is not the case, and any code that was executed by those earlier methods could have used the same technique to elevate their priviliges and execute as root. ... Well, assuming the report is accurate in saying the hacker exploited a local vulnerability, then any code executed by a regular user can use the same vulnerability. ...
(comp.sys.mac.advocacy) |
|
