> This is from the command vipw, and "root" was "Root", changed all 'root' > ownership changed to Root. > Only 3 people know roots passwd, and a look at their keystaoke history > indicates none changed root to Root Two things came to mind while reading this thread: (1) Remember that the ownership is really user ID 0, and 'ls' simply looks up the username based up on this UID; trust me, I've changed 'root' to 'god' so that 'god' now owns the system, mostly for levity in the office. (2) Many escape sequences from function keys, including 'Insert' have a tilde '~' within them; in 'vi' the tilde changes case of the current character. I'm not saying you're not seeing a hack. I'm simply suggesting that this may be a simple clumbsy-fingered mistake instead of an intrusion. Happy hunting, -Bill _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 28 2002 - 08:59:23 PST