4203:31337 (possible exploit?)
Jeremy Chadwick
koitsu at FreeBSD.org
Sat Nov 10 07:44:15 PST 2007
On Sat, Nov 10, 2007 at 03:25:57PM +0100, Mike -freebsd wrote:
> Guys, is anyone else seeing this?
> drwxr-xr-x 69 4203 31337 1536 Nov 9 13:59 ports
>
> I see this on three of four FreeBSD 7 boxes and only on /usr/ports/
> (why...?). Anyone else?
Four different boxes of ours:
$ uname -r && ls -ld /usr/ports
6.2-STABLE
drwxr-xr-x 69 root wheel 2048 10 Nov 02:14 /usr/ports/
$ uname -r && ls -ld /usr/ports
6.3-PRERELEASE
drwxr-xr-x 69 root wheel 1536 10 Nov 02:12 /usr/ports/
$ uname -r && ls -ld /usr/ports
7.0-PRERELEASE
drwxr-xr-x 69 root wheel 1536 7 Nov 02:24 /usr/ports/
$ uname -r && ls -ld /usr/ports
7.0-BETA2
drwxr-xr-x 69 root wheel 1536 10 Nov 02:19 /usr/ports/
Sounds like you may have a security problem (re: "31337" GID). If
that's the case, I would strongly advocate formatting + reinstalling
those machines.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-ports
mailing list