daily security run output (setuid)
Lowell Gilbert
Lowell at Be-Well.Ilk.Org
Fri Mar 10 17:12:13 UTC 2017
"James B. Byrne via freebsd-questions" <freebsd-questions at freebsd.org>
writes:
> Following a recent update we began to see this report:
>
> Checking setuid files and devices:
[...]
> This was a legitimate update as far as I can see. I can see that the
> mtime value has changed but why does the update not account for this
> with the security system?
Because having "the security system" trust that the the port update was
initiated by an appropriately authorized user would make it too easy to
hide a security breach.
More information about the freebsd-questions
mailing list