[ale] Terminated user security question

Bob Toxen transam at verysecurelinux.com
Sun Feb 13 12:48:43 EST 2022


Sure it would be runnable, by anyone if it's permissions include
the 001 bit being set.  This is trivial to prove by:

  su
  cd ~
  cp /bin/date zdate
  chmod 001 zdate
  chown 80 zdate
  su notroot
  ./zdate

If you fear that your system has been hacked then refer to my book's
chapters on recovering from hacks.

Bob

On Sat, Feb 12, 2022 at 08:03:43PM -0500, Jim Kinney via Ale wrote:
> I'm 99.8% convinced that a binary or script owned by just a userID
> number formerly associated with a deleted user can not be run by anyone
> but root unless set chmod 755. Cron should fail as there's no entry
> in passwd or ldap so no defined shell (and no crontab for the user
> was found).

> Can't readily browse up a link that explains operation on a deleted
> user binary.

> -- 
> Computers amplify human error
> Super computers are really cool


More information about the Ale mailing list