 | | | su problems (bob) (Was Re: Taroon-list Digest, Vol 16, Issue 11) | su problems (bob) (Was Re: Taroon-list Digest, Vol 16, Issue 11) 2005-06-06 - By Stephen Gardner
Back
On Mon, 6 Jun 2005, bob wrote:
> -rwxr-xr-x 1 root root 47522 Aug 12 2003 /bin/su
>
> -bob
All credit to Koree who appears to have hit on the problem. An rpm -V
coreutils should show the that the mode on /bin/su differs from when it
was installed (rpm output: .M...... /bin/su ). As root you should
reset the permission on /bin/su back to the default mode 4755. You
should re-verify with another rpm -V coreutils. I'd guess that a piece of
security auditing software (or similar) has been run and has reset the
setuid bit on /bin/su believing it to be a security vulnerability but in
this case it is correct.
One important note is that if the initial run of rpm shows anything other
than .M...... (particularly if it includes a "5") it's worth
re-installing the coreutils package. However unlikely if /bin/su has
been tampered with / replaced it would be best to have a fresh copy on the
system just to be safe seeing as su is very often used in conjunction with
root privileges.
Regards,
Stephen
> -- -- Original Message -- -- From: "Koree A. Smith" <koreesmith@(protected)>
> To: <taroon-list@(protected)>
> Sent: Monday, June 06, 2005 9:57 AM
> Subject: RE: su problems (bob) (Was Re: Taroon-list Digest, Vol 16, Issue 11)
>
>
>> What are the permissions on su currently?
>>
>> --
>> Koree A. Smith
>> --
>> koreesmith@(protected)
>>
>> >
>> > Message: 1
>> > Date: Sun, 5 Jun 2005 10:55:51 -0500
>> > From: "bob" <sdcbob@(protected)>
>> > Subject: RE: su problems
>> > To: "Discussion of Red Hat Enterprise Linux 3 \(Taroon\)"
>> > <taroon-list@(protected)>
>> > Message-ID: <006001c569e7$0cb186d0$3201a8c0@(protected)>
>> > Content-Type: text/plain; charset="iso-8859-1"
>> >
>> > Hello, after the recent kernel update to my box via up2date some odd
>> > things are going on with su.
>> >
>> > output---
>> >
>> > $ up2date
>> > You are attempting to run "up2date" which requires administrative
>> > privileges, but more information is needed in order to do so.
>> > Password for root:
>> > Please specify either -l, -u, --nox, or package names as command line
>> > arguments.
>> > usage: up2date [OPTIONS] [<packages>]
>> >
>> >
>> > Same account,
>> >
>> >
>> > Red Hat Enterprise Linux ES release 3 (Taroon Update 4)
>> >
>> > $ su -
>> > Password:
>> > su: incorrect password
>> > $ id
>> > uid=2525(bob) gid=2525(bob) groups=2525(bob),10(wheel)
>> >
>> >
>> > same with su root , open for suggestions. hope this is the correct list
>> > to send this too =)
>> >
>> >
>> > -bob
>> > -- ---- ------ next part -- ---- ------
>> > An HTML attachment was scrubbed...
>> > URL:
>> > https://www.redhat.com/archives/taroon-list/attachments/20050605/0a65185d
/attachment.htm
>> >
>> > -- ---- ---- ---- ---- ---- --
>> >
>> > --
>> > Taroon-list mailing list
>> > Taroon-list@(protected)
>> > http://www.redhat.com/mailman/listinfo/taroon-list
>> >
>> > End of Taroon-list Digest, Vol 16, Issue 11
>> > *******************************************
>> >
>>
>> --
>> Taroon-list mailing list
>> Taroon-list@(protected)
>> http://www.redhat.com/mailman/listinfo/taroon-list
>
> --
> Taroon-list mailing list
> Taroon-list@(protected)
> http://www.redhat.com/mailman/listinfo/taroon-list
>
>
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
|