[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] hacked raq

Subject: Re: [cobalt-users] hacked raq
From: flash22@xxxxxxx
Date: Wed Feb 21 16:45:45 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Wed, 21 Feb 2001, Gerald Waugh wrote:

> "Randy Davis" <randy@xxxxxxxxxxxxx>  wrote
> 
> > Yepper.  Did try force as well.  Here is the actual error message I get
> > back:
> >
> > # rpm -Uvh --force util-linux-2.10m-C1.i386.rpm
> > util-linux
> > can't rename /bin/login to /bin/login-RPMDELETE: Operation not permitted
> > unpacking of archive failed on file /bin/login: cpio: unlink failed - Bad
> > file descriptor
> >
> > Ciao
> > Randy
> 
> Ok, look in /bin/login (ls /bin/login) and see if the file is there.
> If it is not there
> try "ls /bin/xlogin"
> if it is there
> You have been cracked.
> (note: hacking is not bad (hackers built Linux) crackers are the spoilers
> (bandits)!
> Gerald

 --force won't change the immutable bit on the filesystem :)

  Little known feature designed to improve security that unfortunatly
seems known only to the hackers ;)

read the man page on chattr ;)

       A  file with the `i' attribute cannot be modified: it can-
       not be deleted or renamed, no link can be created to  this
       file  and  no  data  can  be written to the file.
  (Even by root!)

  chattr -i /bin/login

gsh

References:
- Re: [cobalt-users] hacked raq
  - From: Gerald Waugh

Prev by Date: [cobalt-users] Software updates
Next by Date: Re: [cobalt-users] DSN problem
Previous by thread: Re: [cobalt-users] hacked raq
Next by thread: RE: [cobalt-users] hacked raq

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index