Bug#286628: marked as done (Filesystem coruption. local attack for setuid root executable?)
Your message dated Sat, 5 Jan 2008 22:05:22 +0100
with message-id <20080105210522.GO17624@stro.at>
and subject line Filesystem coruption. local attack for setuid root executable?
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: Filesystem coruption. local attack for setuid root executable?
- From: Bobakitoo <bobakitoo@qc.aira.com>
- Date: Tue, 21 Dec 2004 03:02:20 -0500
- Message-id: <1103616140.19876.19.camel@deumilun.sympatico.ca>
Package: unknow
Version: unknow
On Debian sarge net install whit ext3 filesystem i got somme verry
strange file and error. somme file read as follow:
?rwx-wS-wt 6743 1909420011 2288661400 3.7G 1962-09-28 08:23
?r-s-wSrwt 59484 2155108859 3093106996 3.8G 1951-08-27 16:14
b-wsr-sr-x 58990 2148981355 1947303819 165, 77 1920-03-04 05:03
c-wx-w--wT 58075 3390588804 4291936288 181, 122 1992-01-03 06:27
?--Sr--r-t 32243 3182936007 1421612276 2.7G 1961-05-16 20:05
?rwx-wsr-t 40822 3819429815 896982909 4.0G 1930-08-30 05:12
p-wS--x--x 61104 456274484 3143202295 419M 1952-04-16 01:20
?rwSrwSrwT 27385 3445454714 3915889634 2.8G 2009-06-27 23:08
?r--rwxrwt 45494 1042776226 3513874223 2.7G 2015-08-01 10:46
?-wS--x-wt 28663 2080074714 3750305767 3.6G 1989-08-16 08:13
s-ws-wSrwT 18770 1943752241 4021181408 3.7G 1918-11-18 14:58
they where all created by my user(uid 1000)
Could somme exectable be crafted to have set uid bit and
owner of uid 0?
i was also building a cvs checkout of wine. the first
build was successfull, then i make clean and make again.
it stop on that error:
async.c:75:19: warning: netdb.h: Value too large for defined data type
async.c:83:21: warning: resolv.h: No such device
i've never see somme thing like that before.
additionaly logs report:
hdb: dma_timer_expiry: dma status == 0x60
hdb: DMA timeout retry
hdb: timeout waiting for DMA
hdb: status error: status=0x58 { DriveReady SeekComplete DataRequest }
hdb: drive not ready for command
init_special_inode: bogus i_mode (173005)
Cyclades driver 2.3.2.20 2004/02/25 18:14:16
built Nov 25 2004 04:25:23
init_special_inode: bogus i_mode (153723)
init_special_inode: bogus i_mode (77527)
init_special_inode: bogus i_mode (115045)
init_special_inode: bogus i_mode (173735)
init_special_inode: bogus i_mode (167666)
init_special_inode: bogus i_mode (71477)
init_special_inode: bogus i_mode (155213)
Whit the DMA timer expire, i look like a hardware probleme
but i've been runing other distribution before on this
system and i never got surch error.
--- End Message ---
--- Begin Message ---
- To: 286628-done@bugs.debian.org
- Subject: Re: Filesystem coruption. local attack for setuid root executable?
- From: maximilian attems <max@stro.at>
- Date: Sat, 5 Jan 2008 22:05:22 +0100
- Message-id: <20080105210522.GO17624@stro.at>
closing as the kernel don't set the setuid bit on files
also the dma failure looks much more then dying hardware.
no furture report since initial post.
--
maks
--- End Message ---
Reply to: