From owner-freebsd-stable Tue Dec 28 3:42:32 1999
Date: Tue, 28 Dec 1999 11:19:45 +0100
From: Brad Knowles
To: freebsd-stable@FreeBSD.ORG
Subject: Re: Huge differences in suid programs ?
In-Reply-To: <199912271656.RAA28357@dorifer.heim3.tu-clausthal.de>
References: <199912271656.RAA28357@dorifer.heim3.tu-clausthal.de>

At 5:56 PM +0100 1999/12/27, Oliver Fromme wrote:

> Well, the daily security script just does an "ls -l" on all
> suid/sgid binaries and diffs them with the previous listing.

I understand that part.

> Therefore it will regard all differences in the ls -l output
> as "differences". This can be the ownership, time stamps, and
> sizes of the files.

I understand that part, too.

> Even if the actual contents of the files
> are the same, the time stamps are not the same (because they
> indicate the time at which the files were created), so the
> daily security script will regard them as "different".

My question has nothing to do with the daily security script noticing that things are different. It has everything to do with why the binaries were replaced to begin with, if the contents of the binaries haven't changed.

-- 
  These are my opinions -- not to be taken as official Skynet policy
 ____________________________________________________________________
|o| Brad Knowles,                            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
 Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
  Unix is very user-friendly.  It's just picky who its friends are.
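The behaviour discussed in this message, as an added example that is not part of the original mail and is not the FreeBSD daily security script: an "ls -l" diff reports a binary rewritten with identical bytes, while a checksum diff reports only the binary whose contents changed. The file names, directory layout and the use of cksum are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration with constructed files; cksum stands in for a content
# check and is an assumption, the script discussed in the thread uses ls -l.

# Metadata view: what an "ls -l" listing records (mode, owner, size, mtime).
snapshot_meta() { (cd "$1" && ls -l | sed 1d); }   # sed drops the "total N" line

# Content view: CRC and size of each file, independent of time stamps.
snapshot_sums() { (cd "$1" && cksum *); }

# Names (last field) of the lines that are new or altered in the second listing.
changed() { diff "$1" "$2" | awk '/^>/ { print $NF }' | sort -u | paste -sd' ' -; }

demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/bin"

    # Constructed "previous night" state.
    printf 'su-v1\n'     > "$dir/bin/su"
    printf 'passwd-v1\n' > "$dir/bin/passwd"
    touch -t 199912010000 "$dir/bin/su" "$dir/bin/passwd"
    snapshot_meta "$dir/bin" > "$dir/meta.old"
    snapshot_sums "$dir/bin" > "$dir/sums.old"

    # Constructed reinstall: su gets identical bytes, passwd gets new bytes.
    printf 'su-v1\n'     > "$dir/bin/su"
    printf 'passwd-v2\n' > "$dir/bin/passwd"
    touch -t 199912270000 "$dir/bin/su" "$dir/bin/passwd"
    snapshot_meta "$dir/bin" > "$dir/meta.new"
    snapshot_sums "$dir/bin" > "$dir/sums.new"

    echo "ls -l: $(changed "$dir/meta.old" "$dir/meta.new")"
    echo "cksum: $(changed "$dir/sums.old" "$dir/sums.new")"
    rm -rf "$dir"
}

demo
```

Keeping both listings lets a report separate "reinstalled with the same contents" from "contents changed", which is the distinction the thread turns on.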