From: | david(dot)lao(at)sharpasia(dot)com(dot)mo |
---|---|
To: | Jeff Frost <jeff(at)frostconsultingllc(dot)com>, Michael Fuhr <mike(at)fuhr(dot)org> |
Cc: | david(dot)lao(at)sharpasia(dot)com(dot)mo, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: real and effective user ids must match |
Date: | 2006-09-16 01:25:09 |
Message-ID: | 3511.202.175.123.162.1158369909.mailsage.folio@sharpasia.com.mo |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
is there any way to correct this problem? please help.
On Fri, 15 Sep 2006, Michael Fuhr wrote:
> On Thu, Sep 14, 2006 at 10:24:29PM -0700, Jeff Frost wrote:
>> On Thu, 14 Sep 2006, Michael Fuhr wrote:
>>> Can anybody else with a Linux box test the above command?
>>
>> On my FC4 machine running 2.6.16-1.2111_FC4:
>>
>> uid=26(postgres) gid=26(postgres) groups=26(postgres)
>> context=user_u:system_r:unconfined_t
>
> That's what I'd expect. David's box appears to be behaving oddly,
> which could be signs of tampering if he has indeed been hacked. If
> that's happened then commands like "ls" and "ps" can't be trusted.
>
> Can anybody think of a way for David to be seeing the behavior he's
> seeing that doesn't involve a tampered-with system?
It's probably worthwhile to get a copy of chkrootkit and/or rkhunter and run
them to see if there is a problem. Might also be worthwhile to run the ps and
ls from the install CD to see if there are any suprising results.
--
Jeff Frost, Owner <jeff(at)frostconsultingllc(dot)com>
Frost Consulting, LLC http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Frost | 2006-09-16 01:27:50 | Re: real and effective user ids must match |
Previous Message | Jeanna Geier | 2006-09-15 20:11:41 | Re: Instructions For Building On Windows? |