Re: [expert] I've been hacked!

[Eric L. Brine]

> But now I do have to ask... why
> does ping need to be suid root? and why do some of the other files he
> listed have to be suid as well??

>From a Solaris box (I don't have linux installed):
  {2} q2ir@jupiter [~]> ls -l `which ping`
  -r-sr-xr-x   1 root     bin        20404 Oct  6  1998 /usr/sbin/ping*
     ^

ping and tracert send out ICMP (raw IP) packets. It's my hypothesis that
root permissions are need to send or receive those.

As for su and mount, root permissions are needed under some or all
circumstances. The only way to do that is to run the application as root
(and switch the effective UID to the user if the extra permissions are not
needed).

ELB

--
Eric L. Brine  |  Chicken: The egg's way of making more eggs.
[EMAIL PROTECTED]  |  Do you always hit the nail on the thumb?
ICQ# 4629314   |  An optimist thinks thorn bushes have roses.