Re: Fw: [cobalt-users] Fixing the nasty RaQ Hack
- Subject: Re: Fw: [cobalt-users] Fixing the nasty RaQ Hack
- From: "Jamie Martino" <webmaster1@xxxxxxx>
- Date: Mon Jan 27 04:42:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, January 27, 2003 7:23 AM
Subject: Re: Fw: [cobalt-users] Fixing the nasty RaQ Hack
> INRE Re: Fw: [cobalt-users] Fixing the nasty RaQ Hack:
> > Dave wrote:
> > > About /usr/lib/authenticate and file permissions...
> > > I've seen that a lot of people are asking what was
> > > the original setting...
> > > On my Original rack the value was the following:
> > > [root lib]# ls -l authenticate
> > > -rwsr-xr-x 1 root root 18316 Aug 6 20:16 authenticate
> > > Once modified it appears as following:
> > > [root lib]# ls -l authenticate
> > > -rwxr-xr-x 1 root root 18316 Aug 6 20:16 authenticate
> > > I hope not to insult anyone saying that I have no clue why it says
> > > rws .. I thought permissions for the first group are always equal to
> > > 421 = 7 ... what is the value of s? anyone can help?
> > > thank you in advance!
> >
> > I am having similar problems Dave, changed permissions to 755 and it
> > hosed my .htaccess files.
> > Changed it back to 4755 as recommended and the pages are not available,
> > this creates an 'internal server configuration error' when requesting
> > pages in a web browser.
> >
> > Any ideas people? Some of us new folks are struggling a bit with this
> > one.
> >
> > Thanks
>
> Marcus
>
> You might try disabling and then re-enabling FrontPage. Believe the
> htaccess file has entries in the top that are FrontPage related, and if
> the server "believes" it is not enabled, then those entries will cause
> errors.
>
> --
> Larry Smith
> SysAd ECSIS.NET
> sysad@xxxxxxxxx
>
Try the link below for more info related to the SETUID bit and
"/usr/lib/authenticate".... It only affects .htaccess files that need to
access the RaQ's internal passwd file for authentication.. If it is using
its own file, like .htpasswd, then it's not affected... That is from my
personal experience.. It all goes back to a simple/dirty fix for the
RaQFuck.sh exploit a short time back.. Hope this helps...
http://list.cobalt.com/pipermail/cobalt-users/2002-December/083199.html
-Jamie-
http://www.w-c.net
In a mad world, only the mad are sane...
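
On the `rws` versus `rwx` question raised in the thread: the following is an added example, not part of any poster's message. It converts the mode column of `ls -l` into four-digit octal, showing that an `s` in the owner's execute slot is execute plus setuid (4000), which is why the two listings correspond to 4755 and 755. The function names `mode_to_octal` and `classify_ls_line` are hypothetical; the two sample lines are the listings quoted above.

```shell
#!/bin/sh
# Added example: decode the 10-character mode column of `ls -l`.
# Prints four octal digits: special bits first, then user/group/other.
mode_to_octal() {
    mode=$1
    [ "${#mode}" -ge 10 ] || return 1
    special=0; digits=""; i=0
    # setuid (4), setgid (2) and sticky (1) are shown in the execute
    # slot of the user, group and other triads respectively.
    for weight in 4 2 1; do
        start=$((2 + i * 3))
        triad=$(printf '%s' "$mode" | cut -c"${start}-$((start + 2))")
        r=$(printf '%s' "$triad" | cut -c1)
        w=$(printf '%s' "$triad" | cut -c2)
        x=$(printf '%s' "$triad" | cut -c3)
        d=0
        case $r in r) d=$((d + 4)) ;; esac
        case $w in w) d=$((d + 2)) ;; esac
        case $x in
            x)   d=$((d + 1)) ;;
            s|t) d=$((d + 1)); special=$((special + weight)) ;;  # special bit and execute
            S|T) special=$((special + weight)) ;;                # special bit, no execute
            -)   ;;
            *)   return 1 ;;
        esac
        digits="$digits$d"
        i=$((i + 1))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Classify one `ls -l` line: setuid-root binaries run with root's
# privileges no matter who starts them, so they are worth auditing.
classify_ls_line() {
    set -- $1                      # intentional word splitting into fields
    octal=$(mode_to_octal "$1") || return 1
    case $octal in
        [4567]???)
            if [ "$3" = root ]; then echo "setuid-root $octal"
            else echo "setuid $octal"; fi ;;
        *)  echo "plain $octal" ;;
    esac
}

# The two listings quoted in the thread.
classify_ls_line '-rwsr-xr-x 1 root root 18316 Aug 6 20:16 authenticate'
classify_ls_line '-rwxr-xr-x 1 root root 18316 Aug 6 20:16 authenticate'
```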