Security Incidents mailing list archives
Re: hack that changes root to Root
From: William York <why317 () yahoo com>
Date: Wed, 27 Feb 2002 23:38:13 +0000
This is from the command vipw, and "root" was "Root", changed all 'root' ownership changed to Root. Only 3 people know roots passwd, and a look at their keystaoke history indicates none changed root to Root
Two things came to mind while reading this thread: (1) Remember that the ownership is really user ID 0, and 'ls' simply looks up the username based up on this UID; trust me, I've changed 'root' to 'god' so that 'god' now owns the system, mostly for levity in the office. (2) Many escape sequences from function keys, including 'Insert' have a tilde '~' within them; in 'vi' the tilde changes case of the current character. I'm not saying you're not seeing a hack. I'm simply suggesting that this may be a simple clumbsy-fingered mistake instead of an intrusion. Happy hunting, -Bill _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- hack that changes root to Root James (Feb 26)
- Re: hack that changes root to Root Yotam Rubin (Feb 26)
- Re: hack that changes root to Root james (Feb 26)
- Re: hack that changes root to Root William York (Feb 28)
- Re: hack that changes root to Root james (Feb 26)
- Re: hack that changes root to Root Mike Shaw (Feb 26)
- Re: hack that changes root to Root Yotam Rubin (Feb 26)