So how may i fix this problem? I see that your correct about the immunity not doing anything.
Thx in advance for any suggestions Bailey > On Thu, 2002-03-28 at 22:14, Bailey Kong wrote: >> the current work around i got was to chattr +i /etc/passwd >> >> that makes it so /etc/passwd can't be modified, if and when you need >> to add a user you can simply do chattr -i /etc/passwd > > that's absolutely pointless under linux. the exploit allows you to > execute arbitrary code as root. making the passwd file immutable only > adds one more step: > > ln -s $SCRIPTDIR'`chattr =i /etc/passwd; cd etc;chmod 666 passwd #`' > /tmp/logwatch.$2/cron > > etc. > > in *BSD you have to drop the security level to 0 or below to change an > immutable flag, which (usually) drops you out of multiuser mode, so > that it's difficult (although not impossible) for a remote user make > the change. so a console user could use this exploit, although usually > having console access means you can get root anyway (boot in single > user mode, use a boot disk/cd and mount the drive from a different os, > steal the hd and mount it elsewhere, etc). > > -jon > > -- > [EMAIL PROTECTED] || www.divisionbyzero.com > gpg key: www.divisionbyzero.com/pubkey.asc > think i have a virus?: www.divisionbyzero.com/pgp.html > "You are in a twisty little maze of Sendmail rules, all confusing."
