Date: Sun, 5 May 1996 09:55:45 -0400 (EDT) From: Brian Clapper <bmc@WillsCreek.COM> To: "John S. Dyson" <toor@dyson.iquest.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Weird system security output Message-ID: <199605051355.JAA00355@hovercraft.willscreek.com> In-Reply-To: <107643434@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "John" == John S Dyson <toor@dyson.iquest.net> writes: >> I have had this happen and have rationalized it, but I'm not sure if it >> is a cause. I always thought that it was because of the sup process >> adding new files and updating current ones. If I'm dead wrong please >> correct me. >> John> There IS a bug in -stable (might have been fixed recently) that modified John> dates on executables can get modified during paging. We just found a John> very subtile bug in pmap.c (it might be in the asm statements or in the John> register allocation associated with them), that appears to have been John> fixed when we rewrote the code. The bug that appears to have been John> fixed also could have been manifested by changed modify dates. This John> is a very very tough one. FYI, we noticed the same problem on our firewall. After a small bit of panic, we tracked it down. It corresponded exactly to when our system's time was re-synchronized via NTP. We were able to reproduce the problem manually on both FreeBSD (2.1) and BSDI (2.0.1) systems. John's explanation is consistent with our experimental observations. ----- Brian Clapper ....................... bmc@WillsCreek.COM -or- bmc@telebase.com http://www.netaxs.com/~bmc/ ......... PGP public key available on request Barth's Distinction: There are two types of people: those who divide people into two types, and those who don't.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605051355.JAA00355>