s-bits disappear ?

Bernd.LehleRUS.Uni-Stuttgart.DE

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Frank Stuart: "Re: Netscape problems (again)..."
• Previous message: Jay 'Whip' Grizzard: "Netscape problems (again)..."
• Next in thread: Neil Readwin: "Re: s-bits disappear ?"

Hello,

today I had a strange experience on an IRIX 5.3 system.

I realized that the normal bunch of mails from the states had not come
in overnight. I checked if sendmail was still running when I realized
that ps would not give me the information ("insufficient permision").
I tried to become root by "su" which also would not let me ("insuf-
ficient permission"). After a puzzling search I took the machine in
single user mode to shield off a possible attack.

The following investigation yielded: The s-bits of /sbin/ps, /sbin/su
and /bin/mail had disappeared. I thought of Trojan Horses and compared
the checksums with sum and MD5 against secure binaries on a different
system some place else. There was no difference.

So I am not sure if this was a hacking attempt or a OS bug.

Anyone seen this before ?

--
> Bernd Lehle - Stuttgart University Computer Center * A supercomputer <
>       Visualization / SFB 382 / Astrophysics       *  is a machine   <
> lehlerus.uni-stuttgart.de   Tel:+49-711-685-2047  *  that runs an   <
>   http://www.tat.physik.uni-tuebingen.de/~lehle    *  endless loop   <
>  pgp? -> finger berndvisbl.rus.uni-stuttgart.de   *  in 2 seconds   <

• Next message: Frank Stuart: "Re: Netscape problems (again)..."
• Previous message: Jay 'Whip' Grizzard: "Netscape problems (again)..."
• Next in thread: Neil Readwin: "Re: s-bits disappear ?"