Security Run Output Setuid Differences
PeterPluta
peter at placidpublishing.net
Mon May 21 18:59:34 UTC 2007
Bill Moran wrote:
>
> On Mon, 21 May 2007 11:34:25 -0700 (PDT)
> PeterPluta <peter at placidpublishing.net> wrote:
>
>>
>> I did a lot of port hacking yesterday. By that I mean screwing up and
>> redoing lots of things. Anyway, I woke up today to find this email in my
>> inbox.
>>
>> Checking setuid files and devices:
>>
>> mail.placidpublishing.net setuid diffs:
>> --- /var/log/setuid.today Fri May 18 03:02:47 2007
>> +++ /tmp/security.207RUJmY Mon May 21 03:02:30 2007
>> @@ -3,7 +3,6 @@
>> 70745 -r-sr-xr-x 1 root wheel 21792 Jul 30 16:19:55 2006
>> /sbin/ping
>> 70746 -r-sr-xr-x 1 root wheel 28660 Jul 30 16:19:55 2006
>> /sbin/ping6
>> 70721 -r-sr-x--- 1 root operator 10148 Jul 30 16:19:56 2006
>> /sbin/shutdown
>> -165583 -rws--x--x 1 root wheel 268432 Apr 14 14:05:10 2007
>> /usr/X11R6/bin/xterm
>> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006
>> /usr/bin/chfn
>> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006
>> /usr/bin/chpass
>> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006
>> /usr/bin/chsh
>> @@ -19,9 +18,9 @@
>> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006
>> /usr/bin/ypchpass
>> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006
>> /usr/bin/ypchsh
>> 377398 -r-sr-xr-x 2 root wheel 5828 Jul 30 16:19:57 2006
>> /usr/bin/yppasswd
>> -72750 -rwsr-xr-x 1 root wheel 285580 Nov 2 01:21:29 2006
>> /usr/local/bin/screen
>> -71569 -rwxr-sr-x 1 root kmem 112708 Feb 3 17:17:26 2007
>> /usr/local/sbin/lsof
>> -71923 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007
>> /usr/local/sbin/postdrop
>> -71924 -rwxr-sr-x 1 root maildrop 152477 May 17 14:41:47 2007
>> /usr/local/sbin/postqueue
>> +71112 -rwsr-xr-x 1 root wheel 285580 May 20 18:23:48 2007
>> /usr/local/bin/screen
>> +70971 -rwxr-sr-x 1 root kmem 112708 May 20 18:23:03 2007
>> /usr/local/sbin/lsof
>> +73170 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007
>> /usr/local/sbin/postdrop
>> +73204 -rwxr-sr-x 1 root maildrop 152477 May 17 14:41:47 2007
>> /usr/local/sbin/postqueue
>> 923168 -rwxr-sr-x 1 root smmsp 5236 Jul 30 16:20:07 2006
>> /usr/sbin/mailwrapper
>> 923264 -r-sr-x--- 1 root network 11636 Jul 30 16:20:07 2006
>> /usr/sbin/sliplogin
>>
>>
>> What exactly does this all mean? Specifically the @@ -19,9 +18,9 @@ stuff.
>> Also, why did this all of a sudden appear?
>
> Looks like you were portupgrading around with postfix, screen and xterm.
>
> The output is diff(1). See the man page for details, but it's basically
> showing you the difference between last night's directory listing, and
> that of the previous day.
>
> For more gory details, see the scripts in /etc/periodic/security, which
> are run every night from cron. Some of the ports you changed resulted in
> changes to setuid/setgid programs installed on the system. As a
> security-conscious administrator, you should be interested in the programs
> on your system that have elevated privileges, so this script is provided
> to give you a daily report on that.
>
> --
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
>
I see, so basically after reinstalling the default uid/gid of some programs
changed? Is that a problem or anything?
--
View this message in context: http://www.nabble.com/Security-Run-Output-Setuid-Differences-tf3792025.html#a10724835
Sent from the freebsd-questions mailing list archive at Nabble.com.
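
An added example, not part of the original thread and not code from FreeBSD's periodic scripts: a Python parser that pairs the `-` and `+` lines of a setuid diff like the one quoted above by path, separating entries that differ only in inode and timestamp (a port reinstall) from entries that were removed, added, or changed in mode, owner, group or size. The function name `classify`, the category names and the final sample line (`/usr/local/bin/example-tool`) are assumptions made for illustration.

```python
import re

# Constructed sample: entries copied from the report quoted in the thread, with each
# wrapped listing re-joined onto one line. The final "+" entry is hypothetical.
SAMPLE = """\
@@ -3,7 +3,6 @@
 70721 -r-sr-x--- 1 root operator 10148 Jul 30 16:19:56 2006 /sbin/shutdown
-165583 -rws--x--x 1 root wheel 268432 Apr 14 14:05:10 2007 /usr/X11R6/bin/xterm
@@ -19,9 +18,9 @@
-72750 -rwsr-xr-x 1 root wheel 285580 Nov 2 01:21:29 2006 /usr/local/bin/screen
-71923 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007 /usr/local/sbin/postdrop
+71112 -rwsr-xr-x 1 root wheel 285580 May 20 18:23:48 2007 /usr/local/bin/screen
+73170 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007 /usr/local/sbin/postdrop
+70001 -rwsr-xr-x 1 root wheel 4096 May 20 18:30:00 2007 /usr/local/bin/example-tool
"""

ENTRY = re.compile(
    r"^(?P<sign>[+-])\s*(?P<inode>\d+)\s+(?P<mode>\S{10})\s+\d+\s+(?P<owner>\S+)\s+"
    r"(?P<group>\S+)\s+(?P<size>\d+)\s+(?P<mtime>\S+\s+\d+\s+[\d:]+\s+\d{4})\s+(?P<path>/.*)$"
)

def classify(diff_text):
    """Map each path in a setuid diff to removed, added, reinstalled or changed."""
    old, new = {}, {}
    for line in diff_text.splitlines():
        m = ENTRY.match(line)  # skips @@ headers, ---/+++ headers and context lines
        if m:
            (old if m["sign"] == "-" else new)[m["path"]] = m.groupdict()
    result = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            result[path] = "removed"      # no longer setuid/setgid, or deleted
        elif path not in old:
            result[path] = "added"        # new privileged file: review it
        else:
            # Only inode/mtime differ -> the file was rewritten in place (reinstall).
            # Equal size does not prove equal content; compare checksums to confirm.
            keys = ("mode", "owner", "group", "size")
            same = all(old[path][k] == new[path][k] for k in keys)
            result[path] = "reinstalled" if same else "changed"
    return result

if __name__ == "__main__":
    for path, verdict in classify(SAMPLE).items():
        print(f"{verdict:12} {path}")
```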