From owner-freebsd-questions@FreeBSD.ORG  Fri Jul 23 15:00:06 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D929C16A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 23 Jul 2004 15:00:06 +0000 (GMT)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8FA9E43D2F
	for <freebsd-questions@freebsd.org>;
	Fri, 23 Jul 2004 15:00:06 +0000 (GMT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.12.10/8.12.10) id i6NF05q7018807;
	Fri, 23 Jul 2004 10:00:05 -0500 (CDT)
	(envelope-from dan)
Date: Fri, 23 Jul 2004 10:00:05 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Steve Bertrand <iaccounts@ibctech.ca>
Message-ID: <20040723150005.GC3234@dan.emsphone.com>
References: <1557.209.167.16.15.1090593146.squirrel@209.167.16.15>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1557.209.167.16.15.1090593146.squirrel@209.167.16.15>
X-OS: FreeBSD 5.2-CURRENT
X-message-flag: Outlook Error
User-Agent: Mutt/1.5.6i
cc: freebsd-questions@freebsd.org
Subject: Re: setuid diffs...
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jul 2004 15:00:07 -0000

In the last episode (Jul 23), Steve Bertrand said:
> Late yesterday, I ``cloned'' my single, primary IDE FreeBSD hard disk
> onto a larger one. Then, using a Promise ATA IDE RAID controller I
> built a RAID-1 array.
> 
> Everything went as planned, the box is now back up using the 'ar'
> driver for the array. However, in the security run output last night,
> I got this:
> 
> Checking setuid files and devices:
> 
> pearl.ibctech.ca setuid diffs:
> 1,73c1,73
> < 106   -r-sr-xr-x  1 root  wheel     251444 Jul 16 12:07:10 2004 /bin/rcp 
> < 15904 -r-xr-sr-x  1 root  kmem       66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
> < 15949 -r-sr-xr-x  1 root  wheel     203992 Jul 16 12:07:28 2004 /sbin/ping
> 
> and down further:
> 
> > 1036 -r-sr-xr-x  1 root  wheel     251444 Jul 16 12:07:10 2004 /bin/rcp
> > 1292 -r-xr-sr-x  1 root  kmem       66216 Jul 16 12:07:25 2004 /sbin/ccdconfig
> > 1339 -r-sr-xr-x  1 root  wheel     203992 Jul 16 12:07:28 2004 /sbin/ping

It looks like the only difference is the inode number, which is
reasonable since you copied the files to a new disk.

-- 
	Dan Nelson
	dnelson@allantgroup.com