[mdlug] su Password problem

Michael S. Mikowski z_mikowski at yahoo.com
Sat Jun 6 05:41:43 EDT 2009


It's a remote but real possibility that someone installed (or tricked you into 
installing) a root kit on your box.  If you think this might be the case, you may 
extract /bin/su from the package  (or get it from a trusted source on the 
internet) and compare it to your installed version.

On kubuntu:


# apt-file search /bin/su |grep '/bin/su$'
login: /bin/su

I don't recommend this for fear of messing with the login system, but you 
could set aside su, reinstall the source package, and then compare the files.

# cd /bin; cp su su.20090606
# apt-get reinstall login

A good way to see if the file has changed is to use an md5sum:

# md5sum /bin/su.20090606 /bin/su

Hopefully this is helpful.  I apologize if it is too remedial.

Cheers, Mike


On Thursday 04 June 2009 03:14:41 pm Drew wrote:
> At 03:38 PM 6/4/09, Aaron Kulkis wrote:
> >My guess is that su returned "wrong password" because it
> >was the wrong password, as compared to the hash of the
> >root password stored in /etc/shadow, which, by definition,
> >represents the right password.
> >
> >Now, if you can log into root using this password, then
> >su is screwed up.  But my guess is that you can't login
> >to root using the password you tried, either.
>
> In this case you guess wrong. I can in fact simply log in as root, using
> the same password that su is rejecting. I just did so again to be sure.
> Also as I've mentioned Yast and Administrator Mode  in Personal Preferences
> both accept the same password.
>
> Which means su is screwed up.
>
> Question is, what could have screwed/be screwing it up?
>
> >Get a rescue disk, mount the root partition, edit
> >/mnt/etc/shadow, remove the password hash (replace
> >
> >:34398b9839ghbavhabihbrwhatever: with ::), save the
> >
> >file, boot off the main system, login to root (the
> >password should be simply the return key), and then
> >IMMEDIATELY run the command   passwd
>
> I might try this eventually. But I still want to know why su is being
> different.
>
> ----
>
> - Drew.
>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
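
The comparison suggested in the message above can also be made against the checksum a package records for each file. This is an added example, not part of the original post; it assumes a dpkg-style md5sums manifest (lines of the form "<md5>  bin/su") taken from a trusted copy of the package, since a manifest stored on a compromised box may have been altered along with the binary. The function name and the temporary test tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify one file against a dpkg-style md5sums manifest.
# Manifest lines look like "<md5hex>  bin/su" (path relative to /), the layout
# used by /var/lib/dpkg/info/<package>.md5sums and by the md5sums file in a .deb.

# check_against_manifest MANIFEST ROOT RELPATH
# Prints MATCH, MISMATCH or UNKNOWN; returns 0, 1 or 2 respectively.
check_against_manifest() {
    manifest=$1 root=$2 rel=$3
    # Exact match on field 2, so "bin/su" does not also match "bin/sudo".
    expected=$(awk -v p="$rel" '$2 == p { print $1; exit }' "$manifest")
    if [ -z "$expected" ] || [ ! -f "$root/$rel" ]; then
        echo "UNKNOWN $rel"        # not listed, or file missing on disk
        return 2
    fi
    actual=$(md5sum "$root/$rel" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "MATCH $rel"
        return 0
    fi
    echo "MISMATCH $rel expected=$expected actual=$actual"
    return 1
}

# Constructed demo: a stand-in tree under a temp dir, not a real system.
run_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/bin"
    printf 'original su contents\n' > "$d/root/bin/su"
    # Record the "packaged" checksum while the file is still pristine.
    (cd "$d/root" && md5sum bin/su) > "$d/login.md5sums"
    check_against_manifest "$d/login.md5sums" "$d/root" bin/su
    # Simulate the binary being replaced after installation.
    printf 'modified su contents\n' > "$d/root/bin/su"
    check_against_manifest "$d/login.md5sums" "$d/root" bin/su || true
    rm -rf "$d"
    return 0
}
run_demo
```

On a live system the arguments would be the manifest for the login package, / as the root, and bin/su as the path.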


