| View previous topic :: View next topic |
| Author |
Message |
Utoxin
Guru
Joined: 19 Apr 2002
Posts: 413
Location: American Fork, UT
|
 Posted: Mon Jun 10, 2002 4:22 pm Post subject: Unkown Usernames on my system |
 |
|
I just glanced at /etc/passwd and there are two unfamiliar usernames in there that are in the 1000's, where 'normal' users are supposed to go.
| Quote: | meekrob:x:1000:100::/home/meekrob:/bin/bash
apache:x:1001:407:apache:/home/httpd:/bin/false
verwilst:x:1002:100::/home/verwilst:
|
I'm familiar with the apache user, but are meekrob and verwilst created by some process that I don't know about? Or should I worry about a possible security breach? |
|
| Back to top |
|
 |
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Mon Jun 10, 2002 4:29 pm Post subject: |
|
|
| Look at their home directories and see what you can see. Google says nothing common about either, so this doesn't look good. Ye may have been r00ted. |
|
| Back to top |
|
|
Utoxin
Guru
Joined: 19 Apr 2002
Posts: 413
Location: American Fork, UT
|
| Posted: Mon Jun 10, 2002 4:35 pm Post subject: |
|
|
| I just had a thought... I used the new 1.3a tarball, so I'm going to check that and see if they're included in that. |
|
| Back to top |
|
|
Utoxin
Guru
Joined: 19 Apr 2002
Posts: 413
Location: American Fork, UT
|
| Posted: Mon Jun 10, 2002 4:38 pm Post subject: |
|
|
| Just checked. That's where they're from. So no worries. |
|
| Back to top |
|
|
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Mon Jun 10, 2002 4:38 pm Post subject: |
|
|
| What's particularily bothersome is that meekrob actually has a shell -- daemon users don't. Also note the group IDs, they're each 100 (users), which daemons don't have either. |
|
| Back to top |
|
|
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Mon Jun 10, 2002 4:41 pm Post subject: |
|
|
| Utoxin wrote: | | So no worries. |
Run passwd on each anyway. Seems like a slip-up in 1.3a packaging, to me, but it could allow someone access to your machine (and many others). |
|
| Back to top |
|
|
Utoxin
Guru
Joined: 19 Apr 2002
Posts: 413
Location: American Fork, UT
|
| Posted: Mon Jun 10, 2002 4:46 pm Post subject: |
|
|
Way ahead of you.  |
|
| Back to top |
|
|
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Mon Jun 10, 2002 4:47 pm Post subject: |
|
|
Good. Are you going to report this to bugs.gentoo.org or should I?  |
|
| Back to top |
|
|
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Mon Jun 10, 2002 4:49 pm Post subject: |
|
|
| delta407 wrote: | | What's particularily bothersome is that meekrob actually has a shell |
meekrob and verwilst are both developers on the Gentoo project -- what you're seeing is likely an oversight. Before people start screaming about conspiracies and backdoors, this is likely an honest mistake that someone made -- forgetting to remove a user account before something made it into production. (of course, I think 1.3a is still in development...)
Regardless, you should probably file a bug on this on bugs.gentoo.org. (after ensuring that no one else has already filed a similar bug. )
--kurt
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
Utoxin
Guru
Joined: 19 Apr 2002
Posts: 413
Location: American Fork, UT
|
| Posted: Mon Jun 10, 2002 4:50 pm Post subject: |
|
|
| I'll go ahead and file it. |
|
| Back to top |
|
|
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Mon Jun 10, 2002 4:52 pm Post subject: |
|
|
| klieber wrote: | | delta407 wrote: | | What's particularily bothersome is that meekrob actually has a shell |
meekrob and verwilst are both developers on the Gentoo project -- what you're seeing is likely an oversight. Before people start screaming about conspiracies and backdoors, this is likely an honest mistake that someone made -- forgetting to remove a user account before something made it into production. |
Yes, but delta407 also said:
| delta407 wrote: | | Seems like a slip-up in 1.3a packaging, to me, but it could allow someone access to your machine (and many others). |
| klieber wrote: |
Regardless, you should probably file a bug on this on bugs.gentoo.org. (after ensuring that no one else has already filed a similar bug. ) |
Me, Utoxin, or someone else? |
|
| Back to top |
|
|
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Mon Jun 10, 2002 5:12 pm Post subject: |
|
|
| delta407 wrote: | Yes, but delta407 also said:
| delta407 wrote: | | Seems like a slip-up in 1.3a packaging, to me, but it could allow someone access to your machine (and many others). |
|
I never said it wasn't a problem. I agree that it is bad. I merely stated it probably wasn't intentional.
| klieber wrote: | | Me, Utoxin, or someone else? |
Someone who's willing to take up the cause.
--kurt
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Mon Jun 10, 2002 5:17 pm Post subject: |
|
|
| klieber wrote: | | I merely stated it probably wasn't intentional. |
And I agreed with you
| klieber wrote: | | Someone who's willing to take up the cause. |
Bugzilla has been notified. |
|
| Back to top |
|
|
klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
| Posted: Mon Jun 10, 2002 5:24 pm Post subject: |
|
|
| delta407 wrote: | | And I agreed with you |
Ah -- I understand now. Sorry -- I didn't mean you when I talked about conspiracies. I was just speaking in a general sense. Often times, hysteria can overwhelm common sense when these kinds of bugs are discovered.
Anyway, thanks for filing the bug -- please let us know if you get a response. I'd be curious to know the resolution of this issue.
--kurt
_________________
The problem with political jokes is that they get elected |
|
| Back to top |
|
|
Utoxin
Guru
Joined: 19 Apr 2002
Posts: 413
Location: American Fork, UT
|
| Posted: Mon Jun 10, 2002 6:38 pm Post subject: |
|
|
| Since the bug report has been filed, I went ahead and just used userdel to remove the users from the system entirely. |
|
| Back to top |
|
|
Chemtux
n00b
Joined: 10 Apr 2002
Posts: 22
Location: The Netherlands
|
| Posted: Mon Jun 10, 2002 10:21 pm Post subject: |
|
|
For 1.3a you have to send a bug-report by email to bart verwilst directly
_________________
Nope |
|
| Back to top |
|
|
|
Networking & Security
