Date: Thu, 10 Aug 1995 04:07:35 -0500 (CDT) From: Mike Pritchard <mpp@mpp.minn.net> To: freebsd-hackers@freebsd.org Subject: daily insecurity output (fwd) Message-ID: <199508100907.EAA02358@mpp.minn.net>
next in thread | raw e-mail | index | archive | help
I received the following from the security section of my /etc/daily report, and I'm not totally sure what to make of it. My last make world/install was on Jul 13, but I know I did not re-install a new /bin/ps today. However, I did reboot my machine at 18:23 at that time to clear up a problem that was causing all of the virtual consoles to be unusable. > checking setuid files and devices: > mpp setuid/device diffs: > 2c2 > < -r-xr-sr-x 1 bin kmem 151552 Jul 13 18:04:08 1995 /bin/ps > --- > > -r-xr-sr-x 1 bin kmem 151552 Aug 9 18:23:38 1995 /bin/ps I think I also located another binary with an odd timestamp, but I'll have to look into that some more. Probably the most important fact in all this is that the reboot I did at 18:23 was to boot a -current kernel. Before that I was running a kernel that was about 2 - 2.5 weeks behind -current. Does anyone have any ideas about this? (I'm doing a full security audit as I type this to see if I might have had a real breakin) -- Mike Pritchard mpp@mpp.minn.net "Go that way. Really fast. If something gets in your way, turn"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199508100907.EAA02358>