From owner-freebsd-questions@FreeBSD.ORG  Sun Aug 27 09:48:19 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A0BBC16A4DA
	for <freebsd-questions@freebsd.org>;
	Sun, 27 Aug 2006 09:48:19 +0000 (UTC) (envelope-from dick@nagual.nl)
Received: from nagual.nl (cc20684-a.assen1.dr.home.nl [82.74.7.108])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0723F43D49
	for <freebsd-questions@freebsd.org>;
	Sun, 27 Aug 2006 09:48:18 +0000 (GMT) (envelope-from dick@nagual.nl)
Received: from localhost (localhost [127.0.0.1]) (uid 1000)
	by nagual.nl with local; Sun, 27 Aug 2006 11:48:17 +0200
	id 00039824.44F16A61.0000609E
Date: Sun, 27 Aug 2006 11:48:17 +0200
From: dick hoogendijk <dick@nagual.nl>
To: freebsd-questions@freebsd.org
Message-Id: <20060827114817.5b5124dd.dick@nagual.nl>
Organization: de nagual
X-Mailer: Sylpheed version 2.2.7 (GTK+ 2.8.20; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Fw: lothlorien.nagual.nl security run output
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Aug 2006 09:48:19 -0000

I'm a little worried after reading the security output this morning.
It seems some files [ping, ping6, shutdown, at, atq and atrm] have
setuid diffs. I really don't know why this could have happened.
I updated some ports yesterday, but I don't think any port writes
in /sbin (?)
Could someboddy advice me on what can have happened?

Begin forwarded message [some Xorg update warnings deleted]:

Checking setuid files and devices:
Checking setuid files and devices:

lothlorien.nagual.nl setuid diffs:
--- /var/log/setuid.today	Mon Aug 14 03:03:25 2006
+++ /tmp/security.aJbHsCR6	Sun Aug 27 03:03:22 2006
@@ -3,12 +3,12 @@
23637 -r-sr-xr-x  1 root  wheel      21792 May 12 21:47:15
2006 /sbin/ping
23638 -r-sr-xr-x  1 root  wheel      28660 May 12
21:47:15 2006 /sbin/ping6
23651 -r-sr-x---  1 root  operator   10148
May 12 21:47:17 2006 /sbin/shutdown
7042059 -r-sr-xr-x  4 root  wheel      20948
May 12 21:48:10 2006 /usr/bin/at
7042059 -r-sr-xr-x  4 root
wheel     20948 May 12 21:48:10 2006 /usr/bin/atq
7042059 -r-sr-xr-x  4
root     wheel     20948 May 12 21:48:10 2006 /usr/bin/atrm

-- 
dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 6.1 +++ The Power to Serve