[ale] login anomaly ???

Bob Toxen transam at verysecurelinux.com
Mon Feb 20 11:36:35 EST 2006


On Mon, Feb 20, 2006 at 10:33:23AM -0500, Courtney Thomas wrote:
> Nathan wrote:
> > This is just a guess, but is it possible that the account has been 
> > chroot'ed, and there is nothing in the chrooot environment?

> > Courtney Thomas wrote:

> >>When I login as root, all is as usual, but if I login as a normal user, 
> >>nothing is available, i.e. if I CD to any dir, there's nothing there, 
> >>but if I access the same material as root, all is still present.

> >>What's happened to my normal user and how do I fix it, please ?

> >>Never experienced anything like this....

> >>Thank you,
> >>Courtney

> Nathan,

> Dunno. How can I tell ?

> No matter what I attempt at the prompt $......all I get is:

> "/libexec/ld-elf.so.1: Cannot open "/usr/local/lib/libflashplayer.so.1"
That sounds suspicious as the SHELL should not be using that.

Your ordinary account may have been compromised.  If you have subsequently
su'ed to root then root might be compromised too.

Another possibility is that something needed for login and shell operation
was chmod'ed to mode 700 or 500 such that ordinary users cannot access it.
(Do let us know which it is.)

> Thank you for your interest,

> Courtney

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002



More information about the Ale mailing list