From: PeterPluta
To: freebsd-questions@freebsd.org
Date: Mon, 21 May 2007 11:59:33 -0700 (PDT)
Subject: Re: Security Run Output Setuid Differences

Bill Moran wrote:
>
> On Mon, 21 May 2007 11:34:25 -0700 (PDT)
> PeterPluta wrote:
>
>>
>> I did a lot of port hacking yesterday. By that I mean screwing up and redoing
>> lots of things. Anyway, I woke up today to find this email in my inbox.
>>
>> Checking setuid files and devices:
>>
>> mail.placidpublishing.net setuid diffs:
>> --- /var/log/setuid.today Fri May 18 03:02:47 2007 >> +++ /tmp/security.207RUJmY Mon May 21 03:02:30 2007 
>> @@ -3,7 +3,6 @@ >> 70745 -r-sr-xr-x 1 root wheel 21792 Jul 30 16:19:55 2006 >> /sbin/ping >> 70746 -r-sr-xr-x 1 root wheel 28660 Jul 30 16:19:55 2006 >> /sbin/ping6 >> 70721 -r-sr-x--- 1 root operator 10148 Jul 30 16:19:56 2006 >> /sbin/shutdown >> -165583 -rws--x--x 1 root wheel 268432 Apr 14 14:05:10 2007 >> /usr/X11R6/bin/xterm >> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006 >> /usr/bin/chfn >> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006 >> /usr/bin/chpass >> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006 >> /usr/bin/chsh >> @@ -19,9 +18,9 @@ >> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006 >> /usr/bin/ypchpass >> 377219 -r-sr-xr-x 6 root wheel 17532 Jul 30 16:19:56 2006 >> /usr/bin/ypchsh >> 377398 -r-sr-xr-x 2 root wheel 5828 Jul 30 16:19:57 2006 >> /usr/bin/yppasswd >> -72750 -rwsr-xr-x 1 root wheel 285580 Nov 2 01:21:29 2006 >> /usr/local/bin/screen >> -71569 -rwxr-sr-x 1 root kmem 112708 Feb 3 17:17:26 2007 >> /usr/local/sbin/lsof >> -71923 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007 >> /usr/local/sbin/postdrop >> -71924 -rwxr-sr-x 1 root maildrop 152477 May 17 14:41:47 2007 >> /usr/local/sbin/postqueue >> +71112 -rwsr-xr-x 1 root wheel 285580 May 20 18:23:48 2007 >> /usr/local/bin/screen >> +70971 -rwxr-sr-x 1 root kmem 112708 May 20 18:23:03 2007 >> /usr/local/sbin/lsof >> +73170 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007 >> /usr/local/sbin/postdrop >> +73204 -rwxr-sr-x 1 root maildrop 152477 May 17 14:41:47 2007 >> /usr/local/sbin/postqueue >> 923168 -rwxr-sr-x 1 root smmsp 5236 Jul 30 16:20:07 2006 >> /usr/sbin/mailwrapper >> 923264 -r-sr-x--- 1 root network 11636 Jul 30 16:20:07 2006 >> /usr/sbin/sliplogin >> >> >> What exactly does this all mean? Specifically the 
@@ -19,9 +18,9 @@ stuff.
>> Also, why did this all of a sudden appear?
>
> Looks like you were portupgrading around with postfix, screen and xterm.
>
> The output is diff(1). See the man page for details, but it's basically
> showing you the difference between last night's directory listing, and that
> of the previous day.
>
> For more gory details, see the scripts in /etc/periodic/security, which are
> run every night from cron. Some of the ports you changed resulted in
> changes to setuid/setgid programs installed on the system. As a
> security-conscious administrator, you should be interested in the programs
> on your system that have elevated privileges, so this script is provided to
> give you a daily report on that.
>
> --
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com
>

I see, so basically after reinstalling the default uid/gid of some programs changed? Is that a problem or anything?
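
An added example, not part of the original thread and not FreeBSD's own periodic script: a short Python triage of the setuid diff report discussed above, separating entries that were only reinstalled (same mode, owner and size) from new files and mode or ownership changes. The sample reuses lines from the quoted report, re-joined onto one line each; `/usr/local/bin/example-new`, the function names and the verdict strings are assumptions made for illustration.

```python
import re

# Sample input: +/- lines from the report quoted above, re-joined onto one line
# each. The last entry (/usr/local/bin/example-new) is constructed.
SAMPLE = """\
-165583 -rws--x--x 1 root wheel 268432 Apr 14 14:05:10 2007 /usr/X11R6/bin/xterm
-72750 -rwsr-xr-x 1 root wheel 285580 Nov 2 01:21:29 2006 /usr/local/bin/screen
-71923 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007 /usr/local/sbin/postdrop
+71112 -rwsr-xr-x 1 root wheel 285580 May 20 18:23:48 2007 /usr/local/bin/screen
+73170 -rwxr-sr-x 1 root maildrop 142559 May 17 14:41:47 2007 /usr/local/sbin/postdrop
+99999 -rwsr-xr-x 1 root wheel 4096 May 20 19:00:00 2007 /usr/local/bin/example-new
"""

# sign, inode, mode, (link count), owner, group, size, mtime, path
LINE = re.compile(r"^([+-])(\d+)\s+(\S+)\s+\d+\s+(\S+)\s+(\S+)\s+(\d+)\s+"
                  r"(\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s+(/.*)$")

def parse(diff_text):
    """Return (old, new): path -> (mode, owner, group, size, mtime)."""
    old, new = {}, {}
    for line in diff_text.splitlines():
        m = LINE.match(line)  # skips ---/+++ headers, @@ lines and context
        if m:
            sign, _inode, *meta, path = m.groups()
            (old if sign == "-" else new)[path] = tuple(meta)
    return old, new

def triage(diff_text):
    old, new = parse(diff_text)
    verdicts = {}
    for path in sorted(set(old) | set(new)):
        a, b = old.get(path), new.get(path)
        if a is None:
            verdicts[path] = "new setuid/setgid file"
        elif b is None:
            verdicts[path] = "removed or no longer setuid/setgid"
        elif a[:3] != b[:3]:
            verdicts[path] = "mode or ownership changed"
        elif a[3] != b[3]:
            verdicts[path] = "replaced, size changed"
        elif a[4] != b[4]:
            verdicts[path] = "rewritten, same size and mode"
        else:
            verdicts[path] = "only the inode changed"
    return verdicts

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:36} {path}")
```

Entries reported as new or as a mode or ownership change are the ones to check against what the port is expected to install; the other verdicts match what a reinstall produces.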