Date: Wed, 17 Dec 1997 12:55:40 -0500 From: Dave Chapeskie <dchapes@ddm.on.ca> To: freebsd-security@FreeBSD.ORG Subject: Re: Is this something to worry about? Message-ID: <19971217125540.06561@ddm.on.ca> In-Reply-To: <Pine.BSF.3.95.971217080125.2048B-100000@localhost.tu-graz.ac.at>; from Martin Kammerhofer on Wed, Dec 17, 1997 at 08:05:02AM %2B0100 References: <199712170222.MAA01090@word.smith.net.au> <Pine.BSF.3.95.971217080125.2048B-100000@localhost.tu-graz.ac.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 17 Dec 1997, Mike Smith wrote: > This is a "feature" of the system; occasionally executables appear to > be written to while they're running. Nobody has been able to work out > why; the write doesn't appear to change any of the actual contents of > the file. On Wed, Dec 17, 1997 at 08:05:02AM +0100, Martin Kammerhofer wrote: > And it breaks things like tripwire ;-I Things like tripwire should be looking at the md5, not the timestamp. The same thing goes for the stuff in /etc/security that uses an ugly find | xargs ls | sort pipe to get a list of suid timestamps. This is silly and usless when they should be using mtree(8) with the "md5digest" keyword. -- Dave Chapeskie, DDM Consulting E-Mail: dchapes@ddm.on.ca
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971217125540.06561>