Network Security: Detailed info on Re: Group permissions changed

Subject:	Re: Group permissions changed
Date:	Thu, 29 Sep 2005 21:43:03 +0200

On Wednesday 28 September 2005 20:33, sf_submit@yahoo.com wrote:

I posted this before on the security basics, but haven't recieved a
response, and it worries me a bit, so I'm sending this to a few other
groups in hopes that someone will have an idea about it.

---

Fairly recently I noticed my ftp client wouldn't list files in certain
directories on my server anymore - so I ssh'd in (it's dedicated), and did
a ls -aFl on the files, hoping to see what the problem was - here are a few
of the results:

-rw-r--r-- 1 larry 503 371 2005-02-25 08:36 head.php
-rw-r--r-- 1 larry 48 873 2005-09-09 03:23 foot.php

I never set the group ids to 503 or 48, so I checked just to make sure -
and no groups with those ids even exist. Is there an exploit/tool that
causes this, and should I be worried?


I seem to remember that tar preserves group numbers when unpacking an archive, 
but I cannot check it right now.

-- 
Joop Gerritse
Mühlenstraße 11
D-47546 Kalkar-Wissel
Germany
+49 2824 971487
http://www.jjge.nl

<Prev in Thread]	Current Thread	[Next in Thread>
Group permissions changed, sf_submit Re: Group permissions changed, Alan McKinnon Re: Group permissions changed, Eduardo Tongson Re: Group permissions changed, Glynn Clements Re: Group permissions changed, joop gerritse <= Re: Group permissions changed, Jan Slupski Re: Group permissions changed, System Administrator

Previous by Date:	Re: Group permissions changed, Eduardo Tongson
Next by Date:	Re: Group permissions changed, Glynn Clements
Previous by Thread:	Re: Group permissions changed, Glynn Clements
Next by Thread:	Re: Group permissions changed, Jan Slupski
Indexes:	[Date] [Thread] [Top] [All Lists]