[ale] Terminated user security question
Bob Toxen
transam at verysecurelinux.com
Sun Feb 13 12:48:43 EST 2022
Sure it would be runnable, by anyone if it's permissions include
the 001 bit being set. This is trivial to prove by:
su
cd ~
cp /bin/date zdate
chmod 001 zdate
chown 80 zdate
su notroot
./zdate
If you fear that your system has been hacked then refer to my book's
chapters on recovering from hacks.
Bob
On Sat, Feb 12, 2022 at 08:03:43PM -0500, Jim Kinney via Ale wrote:
> I'm 99.8% convinced that a binary or script owned by just a userID
> number formerly associated with a deleted user can not be run by anyone
> but root unless set chmod 755. Cron should fail as there's no entry
> in passwd or ldap so no defined shell (and no crontab for the user
> was found).
> Can't readily browse up a link that explains operation on a deleted
> user binary.
> --
> Computers amplify human error
> Super computers are really cool
More information about the Ale
mailing list