From owner-freebsd-stable  Mon Dec 27  8:56:40 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from dorifer.heim3.tu-clausthal.de (dorifer.heim3.tu-clausthal.de [139.174.243.252])
	by hub.freebsd.org (Postfix) with ESMTP id B017914BCE
	for <freebsd-stable@FreeBSD.ORG>; Mon, 27 Dec 1999 08:56:34 -0800 (PST)
	(envelope-from olli@dorifer.heim3.tu-clausthal.de)
Received: (from olli@localhost)
	by dorifer.heim3.tu-clausthal.de (8.8.8/8.8.8) id RAA28357
	for freebsd-stable@FreeBSD.ORG; Mon, 27 Dec 1999 17:56:33 +0100 (CET)
	(envelope-from olli)
Date: Mon, 27 Dec 1999 17:56:33 +0100 (CET)
From: Oliver Fromme <olli@dorifer.heim3.tu-clausthal.de>
Message-Id: <199912271656.RAA28357@dorifer.heim3.tu-clausthal.de>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: Huge differences in suid programs ?
Organization: Administration TU Clausthal
Reply-To: freebsd-stable@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: TIN [version 1.2 RZTUC(3) PL2]
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Brad Knowles wrote in list.freebsd-stable:
 > At 1:45 PM +0000 1999/12/27, Mark Ovens wrote:
 > 
 > >  The timestamp has changed on the files because make world replaced
 > >  them so they're different.
 > 
 > 	Right, but *why* are they so different?  Was it perhaps a change 
 > in a library, a change in the compiler, or was it that the source 
 > code for these programs itself actually changed so much?
 > 
 > 	I understand their being replaced (and why the security report 
 > would flag them all), but I don't understand why they were all so 
 > different to begin with.

Well, the daily security script just does an "ls -l" on all
suid/sgid binaries and diffs them with the previous listing.

Therefore it will regard all differences in the ls -l output
as "differences".  This can be the ownership, time stamps, and
sizes of the files.  Even if the actual contents of the files
are the same, the time stamps are not the same (because they
indicate the time at which the files where created), so the
daily security script will regard them as "different".

It's a feature.  ;)

Regards
   Oliver

-- 
Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany
(Info: finger userinfo:olli@dorifer.heim3.tu-clausthal.de)

"In jedem Stück Kohle wartet ein Diamant auf seine Geburt"
                                         (Terry Pratchett)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message