My guess is that there is nothing to be worried about; however, I could
be wrong. Let me explain.
This morning I received the same kind of message in my security run
output (yesterday I updated all my ports):
Checking setuid files and devices:
nlp setuid diffs:
--- /var/log/setuid.today Fri Aug 25 08:12:19 2006
+++ /tmp/security.Ia2whJjb Wed Aug 30 08:15:56 2006
@@ -3,8 +3,8 @@
49434 -r-sr-xr-x 1 root wheel 23648 Aug 22 11:05:26 2006 /sbin/ping
49435 -r-sr-xr-x 1 root wheel 31924 Aug 22 11:05:26 2006 /sbin/ping6
49448 -r-sr-x--- 1 root operator 10308 Aug 22 11:05:27 2006 /sbin/shutdown
-7795756 -rws--x--x 1 root wheel 2069783 Aug 24 09:17:07 2006
/usr/X11R6/bin/Xorg
-7795717 -rws--x--x 1 root wheel 303748 Aug 24 09:03:51 2006
/usr/X11R6/bin/xterm
+7795722 -rws--x--x 1 root wheel 2069783 Aug 29 13:08:10 2006
/usr/X11R6/bin/Xorg
+7796599 -rws--x--x 1 root wheel 305764 Aug 29 12:57:30 2006
/usr/X11R6/bin/xterm
1625095 -r-sr-xr-x 4 root wheel 22260 Aug 22 11:05:50 2006 /usr/bin/at
1625095 -r-sr-xr-x 4 root wheel 22260 Aug 22 11:05:50 2006 /usr/bin/atq
1625095 -r-sr-xr-x 4 root wheel 22260 Aug 22 11:05:50 2006 /usr/bin/atrm
If I look at my message, I see that lines 3 to 8 have been changed.
After a manual diff between /var/log/setuid.today/yesterday I only get the Xorg
related lines, which is correct, since I remember seeing some Xorg ports being
updated.
In your message you state, "Begin forwarded message [some Xorg update warnings
deleted]:"
Isn't it so that in your message, lines 3 to 12 are just port related binaries (I assume Xorg related)? Meaning that ping/ping6, etc. aren't updated at all. At least I don't see the +/- signs in front of your ping/ping6 ones.
My guess.
Greets.
Nick
dick hoogendijk wrote:
I'm a little worried after reading the security output this morning.
It seems some files [ping, ping6, shutdown, at, atq and atrm] have
setuid diffs. I really don't know why this could have happened.
I updated some ports yesterday, but I don't think any port writes
in /sbin (?)
Could somebody advise me on what can have happened?
Begin forwarded message [some Xorg update warnings deleted]:
Checking setuid files and devices:
lothlorien.nagual.nl setuid diffs:
--- /var/log/setuid.today Mon Aug 14 03:03:25 2006
+++ /tmp/security.aJbHsCR6 Sun Aug 27 03:03:22 2006
@@ -3,12 +3,12 @@
23637 -r-sr-xr-x 1 root wheel 21792 May 12 21:47:15
2006 /sbin/ping
23638 -r-sr-xr-x 1 root wheel 28660 May 12
21:47:15 2006 /sbin/ping6
23651 -r-sr-x--- 1 root operator 10148
May 12 21:47:17 2006 /sbin/shutdown
7042059 -r-sr-xr-x 4 root wheel 20948
May 12 21:48:10 2006 /usr/bin/at
7042059 -r-sr-xr-x 4 root
wheel 20948 May 12 21:48:10 2006 /usr/bin/atq
7042059 -r-sr-xr-x 4
root wheel 20948 May 12 21:48:10 2006 /usr/bin/atrm
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
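Added example, not part of the original thread: a small Python parser for a setuid diff like the ones quoted above, which reports only the entries carrying a +/- marker and says which fields differ, so unchanged context lines such as ping/ping6 are not mistaken for changes. The sample is constructed from the values in the first message; the example-helper entry and the function name changed_entries are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the setuid diff quoted in the thread;
# the example-helper entry is hypothetical. Real diff output starts unchanged
# context lines with a space, which mail clients often strip.
SAMPLE = """\
--- /var/log/setuid.today Fri Aug 25 08:12:19 2006
+++ /tmp/security.Ia2whJjb Wed Aug 30 08:15:56 2006
@@ -3,5 +3,6 @@
 49434 -r-sr-xr-x 1 root wheel 23648 Aug 22 11:05:26 2006 /sbin/ping
 49448 -r-sr-x--- 1 root operator 10308 Aug 22 11:05:27 2006 /sbin/shutdown
-7795756 -rws--x--x 1 root wheel 2069783 Aug 24 09:17:07 2006 /usr/X11R6/bin/Xorg
-7795717 -rws--x--x 1 root wheel 303748 Aug 24 09:03:51 2006 /usr/X11R6/bin/xterm
+7795722 -rws--x--x 1 root wheel 2069783 Aug 29 13:08:10 2006 /usr/X11R6/bin/Xorg
+7796599 -rws--x--x 1 root wheel 305764 Aug 29 12:57:30 2006 /usr/X11R6/bin/xterm
+7796001 -rwsr-xr-x 1 root wheel 10240 Aug 29 14:00:00 2006 /usr/local/bin/example-helper
 1625095 -r-sr-xr-x 4 root wheel 22260 Aug 22 11:05:50 2006 /usr/bin/at
"""

# marker, inode, mode, links, owner, group, size, mtime, path
ENTRY = re.compile(r"^([ +-]?)\s*(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+"
                   r"(\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s+(/.*)$")

def changed_entries(diff_text):
    """Map each path that really differs to (status, changed_fields)."""
    sides = defaultdict(dict)
    for line in diff_text.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(1) not in ("+", "-"):
            continue  # file headers, @@ hunk headers and unchanged context lines
        sign, inode, mode, _links, owner, group, size, mtime, path = m.groups()
        sides[path][sign] = {"inode": inode, "mode": mode,
                             "owner": f"{owner}:{group}", "size": size, "mtime": mtime}
    report = {}
    for path, s in sides.items():
        old, new = s.get("-"), s.get("+")
        if old is None:
            report[path] = ("added", [])      # new setuid/setgid file: look at it first
        elif new is None:
            report[path] = ("removed", [])
        else:
            report[path] = ("changed", [k for k in old if old[k] != new[k]])
    return report

if __name__ == "__main__":
    for path, (status, fields) in sorted(changed_entries(SAMPLE).items()):
        print(f"{status:8} {path} {', '.join(fields)}")
```

An entry whose mode or owner appears in the changed fields, or one reported as added, deserves a closer look than one where only inode, size and mtime moved after a known port update.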