Re: Exploit in Upgrade Chain?



On Wednesday 11 February 2009 23:26:45 Stan Katz wrote:
> I updated/upgraded both my AMD64 and AMD k6 "Etch" machines between Feb
> 10-11, 2009 using "Lenny" test. Both picked up a symptom I haven't seen
> since the lpd exploit of the 1990's. This symptom manifests itself as
> either a random escalation of the etc directory mode up to 600, or a
> consistent escalation to mode 600 upon reboot.

My /etc is mode 755.  Why would that be a problem?  Some user/programs may 
need to read data out of the directory and root (the owner of my /etc) 
certainly needs write permissions.

> I don't remember why the lpd
> exploit did this. If this is an exploit, it shakes my confidence in debian
> online updating.

I don't see how a 600 /etc can be exploited.  Do you have any other records 
that would indicate you are exploited, or is this just fear-mongering?

> Also, the Bastille firewall on the
> AMD64 began locking down port 80 after about 10min of operation. Adding 80
> to all interfaces didn't help. Only shutting down Bastille cleared the
> block.

Sounds like a bug in Bastille.  Can you reproduce reliably?  Have you checked 
your configuration?  If both, have you filed a bug yet?

> I fear this is another indication of the exploit.

How/Why would these be related?

> Has anyone else experienced this misbehavior after an upgrade?

Not here.  I've been running Lenny for a number of months.

> Any
> suggestions, other than a complete disk wipe on both machines? In any case,
> where would I go for a trusted rebuild, if there truly is a saboteur in the
> ranks of the Debian maintainers?

I'm forwarding to debian-security; perhaps they will have suggestions.  This 
topic is more appropriate for that list than debian-user anyway.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

Attachment: signature.asc
Description: This is a digitally signed message part.