Script started on Wed Feb 27 15:33:28 2002
[15:33:29][root@izr $]strace -f su zwerg
<code>
execve("/bin/su", ["su", "zwerg"], [/* 43 vars */]) = 0
brk(0) = 0x804cbc0
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=5414, ...}) = 0
old_mmap(NULL, 5414, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
close(3) = 0
open("/lib/libcrypt.so.1", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=61180, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\36 0\r\0"..., 4096) = 4096
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
old_mmap(NULL, 182076, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40017000
mprotect(0x4001c000, 161596, PROT_NONE) = 0
old_mmap(0x4001c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4000) = 0x4001c000
old_mmap(0x4001d000, 157500, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4001d000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=71846, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\3 5\0\000"..., 4096) = 4096
old_mmap(NULL, 12588, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40044000
mprotect(0x40046000, 4396, PROT_NONE) = 0
old_mmap(0x40046000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x40046000
close(3) = 0
open("/lib/libpam.so.0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=31449, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\2 2\0\000"..., 4096) = 4096
old_mmap(NULL, 31172, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40048000
mprotect(0x4004f000, 2500, PROT_NONE) = 0
old_mmap(0x4004f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6000) = 0x4004f000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=4070406, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20 \214"..., 4096) = 4096
old_mmap(NULL, 929308, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40050000
mprotect(0x4012b000, 32284, PROT_NONE) = 0
old_mmap(0x4012b000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xda000) = 0x4012b000
old_mmap(0x40130000, 11804, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40130000
close(3) = 0
munmap(0x40014000, 5414) = 0
getpid() = 1121
brk(0) = 0x804cbc0
brk(0x804cbf8) = 0x804cbf8
brk(0x804d000) = 0x804d000
open("/usr/share/locale/locale.alias", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/i18n/locale.alias", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/german/LC_CTYPE", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/i18n/german/LC_CTYPE", O_RDONLY) = -1 ENOENT (No such file or directory)
brk(0x804e000) = 0x804e000
socket(PF_UNIX, SOCK_STREAM, 0) = 3
connect(3, {sin_family=AF_UNIX, path=" /var/run/.nscd_socket"}, 110) = -1 ECONNREFUSED (Connection refused)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=1342, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1342
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40014000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=5414, ...}) = 0
old_mmap(NULL, 5414, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
close(3) = 0
open("/lib/libnss_compat.so.2", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=215589, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000 \31\0"..., 4096) = 4096
old_mmap(NULL, 45612, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40133000
mprotect(0x4013d000, 4652, PROT_NONE) = 0
old_mmap(0x4013d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x9000) = 0x4013d000
close(3) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=369801, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\36 0?\0"..., 4096) = 4096
old_mmap(NULL, 90824, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4013f000
mprotect(0x40152000, 13000, PROT_NONE) = 0
old_mmap(0x40152000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x12000) = 0x40152000
old_mmap(0x40153000, 8904, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40153000
close(3) = 0
munmap(0x40014000, 5414) = 0
uname({sys="Linux", node="izr", ...}) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=939, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0:root:/root:/bin/:wqba"..., 4096) = 939
close(3) = 0
munmap(0x40014000, 4096) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=221, ...}) = 0
open("/etc/pam.d/su", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=268, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
read(3, "#%PAM-1.0\nauth sufficient "..., 4096) = 268
open("/lib/security/pam_rootok.so", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=5551, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\7 \0\000"..., 4096) = 4096
brk(0x804f000) = 0x804f000
old_mmap(NULL, 7036, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40156000
mprotect(0x40157000, 2940, PROT_NONE) = 0
old_mmap(0x40157000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40157000
close(4) = 0
open("/lib/security/pam_unix.so", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=45671, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p$\ 0\000"..., 4096) = 4096
old_mmap(NULL, 43556, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40158000
mprotect(0x40162000, 2596, PROT_NONE) = 0
old_mmap(0x40162000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x9000) = 0x40162000
close(4) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=5414, ...}) = 0
old_mmap(NULL, 5414, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40163000
close(4) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=235932, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000 \0\000"..., 4096) = 4096
old_mmap(NULL, 35648, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40165000
mprotect(0x4016d000, 2880, PROT_NONE) = 0
old_mmap(0x4016d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x7000) = 0x4016d000
close(4) = 0
open("/lib/libnss_nis.so.2", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=254023, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20 \37\0"..., 4096) = 4096
old_mmap(NULL, 39672, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4016e000
mprotect(0x40177000, 2808, PROT_NONE) = 0
old_mmap(0x40177000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x8000) = 0x40177000
close(4) = 0
open("/lib/libnss_nisplus.so.2", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=256497, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30 0\36"..., 4096) = 4096
old_mmap(NULL, 44692, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40178000
mprotect(0x40182000, 3732, PROT_NONE) = 0
old_mmap(0x40182000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x9000) = 0x40182000
close(4) = 0
munmap(0x40163000, 5414) = 0
brk(0x8050000) = 0x8050000
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40014000, 4096) = 0
open("/etc/pam.d/other", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=519, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
read(3, "#%PAM-1.0\nauth\t required\t/lib/se"..., 4096) = 519
open("/lib/security/pam_warn.so", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=6424, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\22 0\10"..., 4096) = 4096
old_mmap(NULL, 7712, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40163000
mprotect(0x40164000, 3616, PROT_NONE) = 0
old_mmap(0x40164000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40164000
close(4) = 0
open("/lib/security/pam_pwcheck.so", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=18546, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\32 0\20"..., 4096) = 4096
old_mmap(NULL, 18608, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40183000
mprotect(0x40187000, 2224, PROT_NONE) = 0
old_mmap(0x40187000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x3000) = 0x40187000
close(4) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=5414, ...}) = 0
old_mmap(NULL, 5414, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40188000
close(4) = 0
open("/usr/lib/libcrack.so.2", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=33323, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30 0\31"..., 4096) = 4096
old_mmap(NULL, 46816, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4018a000
mprotect(0x40191000, 18144, PROT_NONE) = 0
old_mmap(0x40191000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x6000) = 0x40191000
old_mmap(0x40193000, 9952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40193000
close(4) = 0
brk(0x8051000) = 0x8051000
munmap(0x40188000, 5414) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40014000, 4096) = 0
getuid() = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/0", 511) = 10
access("/var/run/utmpd.rw", F_OK) = -1 ENOENT (No such file or directory)
access("/var/run/utmpd.ro", F_OK) = -1 ENOENT (No such file or directory)
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
lseek(3, 0, SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x4011a6d0, [], 0x4000000}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ 0\0\0"..., 384) = 384
read(3, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ 0\0\0"..., 384) = 384
read(3, "\10\0\0\0v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \0\0"..., 384) = 384
read(3, "\7\0\0\0s\1\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ 0\0\0"..., 384) = 384
read(3, "\6\0\0\0\26\4\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ 0\0\0"..., 384) = 384
read(3, "\6\0\0\0.\4\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ 0\0\0"..., 384) = 384
read(3, "\6\0\0\0005\4\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ 0\0\0"..., 384) = 384
read(3, "\6\0\0\0E\4\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ 0\0\0"..., 384) = 384
read(3, "\6\0\0\0[\1\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "", 384) = 0
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 1
close(3) = 0
getuid() = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=939, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:0:root:/root:/bin/:wqba"..., 4096) = 939
close(3) = 0
munmap(0x40014000, 4096) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
brk(0x8053000) = 0x8053000
readlink("/proc/self/fd/2", "/dev/pts/0", 4095) = 10
brk(0x8056000) = 0x8056000
time([1014824039]) = 1014824039
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
rt_sigaction(SIGPIPE, {0x400edec0, [], 0x4000000}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sin_family=AF_UNIX, path=" /dev/log"}, 16) = 0
send(3, "<37>Feb 27 15:33:59 su: (to zwer"..., 53, 0) = 53
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
open("/etc/group", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=495, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 495
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40014000, 4096) = 0
setgroups(4, [100, 14, 16, 102]) = 0
setgid(100) = 0
setuid(503) = 0
time([1014824039]) = 1014824039
getpid() = 1121
rt_sigaction(SIGPIPE, {0x400edec0, [], 0x4000000}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sin_family=AF_UNIX, path=" /dev/log"}, 16) = 0
send(3, "<39>Feb 27 15:33:59 PAM-unix2[11"..., 80, 0) = 80
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
fork() = 1122
[pid 1121] rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
[pid 1121] rt_sigaction(SIGTERM, {0x8049e70, [], 0x4000000}, NULL, 8) = 0
[pid 1121] rt_sigprocmask(SIG_UNBLOCK, [ALRM TERM], NULL, 8) = 0
[pid 1121] wait4(-1, <unfinished ...>
[pid 1122] munmap(0x40156000, 7036) = 0
[pid 1122] munmap(0x40158000, 43556) = 0
[pid 1122] munmap(0x40165000, 35648) = 0
[pid 1122] munmap(0x4016e000, 39672) = 0
[pid 1122] munmap(0x40178000, 44692) = 0
[pid 1122] munmap(0x40163000, 7712) = 0
[pid 1122] munmap(0x40183000, 18608) = 0
[pid 1122] munmap(0x4018a000, 46816) = 0
[pid 1122] execve("/bin/bash", ["bash"], [/* 43 vars */]) = -1 EACCES (Permission denied)
[pid 1122] write(2, "su: ", 4su: ) = 4
[pid 1122] write(2, "cannot run /bin/bash", 20cannot run /bin/bash) = 20
[pid 1122] write(2, ": Permission denied", 19: Permission denied) = 19
[pid 1122] write(2, "\n", 1
) = 1
[pid 1122] _exit(1) = ?
<... wait4 resumed> [WIFEXITED(s) && WEXITSTATUS(s) == 1], WUNTRACED, NULL) = 1122
time([1014824039]) = 1014824039
getpid() = 1121
rt_sigaction(SIGPIPE, {0x400edec0, [], 0x4000000}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sin_family=AF_UNIX, path=" /dev/log"}, 16) = 0
send(3, "<39>Feb 27 15:33:59 PAM-unix2[11"..., 81, 0) = 81
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
munmap(0x40156000, 7036) = 0
munmap(0x40158000, 43556) = 0
munmap(0x40165000, 35648) = 0
munmap(0x4016e000, 39672) = 0
munmap(0x40178000, 44692) = 0
munmap(0x40163000, 7712) = 0
munmap(0x40183000, 18608) = 0
munmap(0x4018a000, 46816) = 0
_exit(1) = ?
[15:33:59][root@izr $]exit
Script done on Wed Feb 27 15:34:03 2002
</code>