Date:      Wed, 6 Jun 2007 19:44:30 +0200
From:      Roland Smith <rsmith@xs4all.nl>
To:        Peter Pluta <peter@placidpublishing.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Security Run Output Setuid Differences
Message-ID:  <20070606174430.GD59161@slackbox.xs4all.nl>
In-Reply-To: <10979516.post@talk.nabble.com>
References:  <10724342.post@talk.nabble.com> <20070521144544.09ec771b.wmoran@potentialtech.com> <10724835.post@talk.nabble.com> <20070521200212.GA95817@slackbox.xs4all.nl> <10979516.post@talk.nabble.com>


On Tue, Jun 05, 2007 at 04:11:24PM -0700, Peter Pluta wrote:
> mail.***********.net setuid diffs:
> --- /var/log/setuid.today	Mon May 21 03:02:30 2007
> +++ /tmp/security.wq6BsVcr	Sun Jun  3 03:01:48 2007
> @@ -20,7 +20,7 @@
>  377398 -r-sr-xr-x  2 root  wheel      5828 Jul 30 16:19:57 2006
> /usr/bin/yppasswd
>  71112 -rwsr-xr-x  1 root  wheel     285580 May 20 18:23:48 2007
> /usr/local/bin/screen
>  70971 -rwxr-sr-x  1 root  kmem      112708 May 20 18:23:03 2007
> /usr/local/sbin/lsof
> -73170 -rwxr-sr-x  1 root  maildrop  142559 May 17 14:41:47 2007
> /usr/local/sbin/postdrop
> -73204 -rwxr-sr-x  1 root  maildrop  152477 May 17 14:41:47 2007
> /usr/local/sbin/postqueue
> +71432 -rwxr-sr-x  1 root  maildrop  142559 Jun  2 15:47:54 2007
> /usr/local/sbin/postdrop
> +71433 -rwxr-sr-x  1 root  maildrop  152477 Jun  2 15:47:54 2007
> /usr/local/sbin/postqueue
>  923168 -rwxr-sr-x  1 root  smmsp       5236 Jul 30 16:20:07 2006
> /usr/sbin/mailwrapper
>  923264 -r-sr-x---  1 root  network    11636 Jul 30 16:20:07 2006
> /usr/sbin/sliplogin
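
Review bot: The only entries that differ in this hunk are /usr/local/sbin/postdrop and /usr/local/sbin/postqueue, and they differ only in the leading number (73170 to 71432, 73204 to 71433) and the timestamp (May 17 14:41:47 to Jun 2 15:47:54); the mode -rwxr-sr-x, root:maildrop and the sizes 142559 and 152477 are identical on both sides. These lines follow ls -li style output, where the leading number is the inode and the number after the mode string is the hard-link count, so the change reads as both files having been rewritten with same-sized copies on Jun 2. Check that this matches a known install or upgrade of the mail software on that date, and compare the binaries against the package checksums if it does not. The yppasswd line and the other space-prefixed lines are unchanged context.
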
>
> I have some more, I'm starting to understand it a bit better. Basically the
> user:group id number has changed and the security run is letting me know.
> Good deal, but I'm still confused as to what the @@ -20,7 + 20,7 @@ and + -
> mean. Can anyone explain those? I'm curious, also why would yppasswd change
> to userid 2? I changed root's name yesterday, could that be the cause of it?

Those are a normal part of the output of the diff(1) program that generates
this.

Basically, the script /etc/periodic/security/100.chksetuid makes a list
of all setuid or setgid binaries. This list is compared with the
previous list by the diff(1) program, which shows the differences.

If you have a text file lying around, make a copy of it and change a
couple of lines in the copy. Then do 'diff -u originalfile newfile' and
you'll see how it works.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
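
The comparison described in the message above, taken one step further as an added example (not part of the original message and not the periodic script's own code): it reads a `diff -u` of two setuid listings and reports, per path, which columns changed. The column layout, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumed column layout of one listing line, matching the quoted output:
# inode, mode, link count, owner, group, size, modification time, path.
FIELDS = ("inode", "mode", "links", "owner", "group", "size", "mtime")
ENTRY = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+"
    r"(\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s+(/.*)$")

# Constructed sample: a `diff -u` of yesterday's and today's listing.
SAMPLE_DIFF = """\
--- /var/log/setuid.today\tMon Jan  1 03:02:30 2024
+++ /tmp/security.XXXXXXXX\tTue Jan  2 03:01:48 2024
@@ -1,3 +1,4 @@
 1001 -r-sr-xr-x  1 root  wheel   5828 Jan  1 10:00:00 2023 /usr/bin/example-a
-2001 -rwxr-sr-x  1 root  mail   14000 Jan  1 10:00:00 2023 /usr/local/sbin/example-b
-3001 -rwxr-sr-x  1 root  kmem    9000 Jan  1 10:00:00 2023 /usr/local/sbin/example-c
+2055 -rwxr-sr-x  1 root  mail   14000 Jan  2 09:30:00 2024 /usr/local/sbin/example-b
+3001 -rwsr-sr-x  1 root  kmem    9100 Jan  2 09:31:00 2024 /usr/local/sbin/example-c
+4001 -rwsr-xr-x  1 root  wheel   7000 Jan  2 09:32:00 2024 /usr/local/sbin/example-d
"""

def parse_entry(text):
    """Return (path, {field: value}) for one listing line, or None."""
    m = ENTRY.match(text)
    return (m.group(8), dict(zip(FIELDS, m.groups()[:7]))) if m else None

def triage(diff_text):
    """Map each changed path to 'added', 'removed' or its changed fields."""
    old, new = {}, {}
    for line in diff_text.splitlines():
        if line.startswith(("---", "+++", "@@")) or line[:1] not in ("+", "-"):
            continue  # file headers, hunk headers and unchanged context
        parsed = parse_entry(line[1:])
        if parsed:
            (old if line[0] == "-" else new)[parsed[0]] = parsed[1]
    report = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report[path] = "added"
        elif path not in new:
            report[path] = "removed"
        else:
            report[path] = [f for f in FIELDS if old[path][f] != new[path][f]]
    return report

if __name__ == "__main__":
    for path, change in triage(SAMPLE_DIFF).items():
        print(path, change)
```

An entry whose only changed fields are inode and mtime was rewritten in place with the same attributes; a changed mode, owner, group or size, or a newly added path, deserves a closer look.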



