Date: Fri, 09 Jan 1998 09:17:11 +1030
From: Mike Smith <mike@smith.net.au>
To: Lance Hartford <lhartfor@mtghouse.com>
Cc: freebsd-security@freebsd.org
Subject: Re: /usr/bin/su modification time changing
Message-ID: <199801082247.JAA01042@word.smith.net.au>
In-Reply-To: Your message of "Thu, 08 Jan 1998 09:40:30 CDT." <Pine.BSF.3.95.980108093729.14685B-100000@larry>

>
> I just installed 2.2.5 on a PC and I received the following portion of
> message in a security mail that was sent out last night:
>
> xyz setuid diffs:
> 152c152
> < -r-sr-xr-x 1 root bin 16384 Oct 21 10:19:25 1997 /usr/bin/su
> ---
> > -r-sr-xr-x 1 root bin 16384 Jan 7 19:40:28 1998 /usr/bin/su
>
> I did a "sum" on the /usr/bin/su on another system onsite, and found
> that there was no difference compared to the one on this system. Does
> this imply that there is a security problem at my site?

This is a known quirk in 2.x systems. If you are concerned about this
sort of thing (ie. you have shell accounts on your system), you might
want to look at a tool that uses stronger checksumming (esp. MD5) for
verification.

Also, you would be *much* better off using the "Live Filesystem" CD for
reference rather than another system, as both may have been compromised.

--
\\ Sometimes you're ahead,       \\ Mike Smith
\\ sometimes you're behind.      \\ mike@smith.net.au
\\ The race is long, and in the  \\ msmith@freebsd.org
\\ end it's only with yourself.  \\
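
The check discussed in this message, as an added example that is not part of the original e-mail or of any FreeBSD tool: it compares a baseline taken from trusted reference media with the live files and separates a timestamp-only change (the case reported above) from a change in contents. It uses SHA-256 where the message mentions MD5, and the function names and stand-in files are constructed for illustration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def digest(path, algo="sha256"):
    """Hash file contents in chunks (SHA-256 swapped in for MD5)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(paths):
    """Record mode, owner, mtime and content digest for each path."""
    snap = {}
    for p in paths:
        st = os.stat(p)
        snap[p] = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                   "mtime": int(st.st_mtime), "digest": digest(p)}
    return snap

def classify(baseline, current):
    """Compare a trusted baseline with the live snapshot, file by file."""
    result = {}
    for path, ref in baseline.items():
        now = current.get(path)
        if now is None:
            result[path] = "missing"
        elif now["digest"] != ref["digest"]:
            result[path] = "content-changed"   # investigate first
        elif (now["mode"], now["uid"]) != (ref["mode"], ref["uid"]):
            result[path] = "perms-changed"     # e.g. setuid bit or owner
        elif now["mtime"] != ref["mtime"]:
            result[path] = "mtime-only"        # same bytes, new timestamp
        else:
            result[path] = "unchanged"
    return result

def demo():
    """Constructed sample: stand-in files in a temp dir, not real binaries."""
    d = Path(tempfile.mkdtemp())
    files = {n: d / n for n in ("su", "passwd", "login")}
    for n, p in files.items():
        p.write_bytes(n.encode() * 100)
    baseline = snapshot(files.values())        # assumed taken from trusted media
    os.utime(files["su"], (0, 1000))           # timestamp changes, bytes do not
    files["passwd"].write_bytes(b"tampered")   # contents replaced
    files["login"].unlink()                    # file removed
    live = snapshot(p for p in files.values() if p.exists())
    report = classify(baseline, live)
    return {n: report[p] for n, p in files.items()}
```

The baseline is only as trustworthy as where it was recorded and stored, which is why the message recommends reference media over a second live system.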