From owner-freebsd-security  Fri Nov  6 05:18:03 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA28530
          for freebsd-security-outgoing; Fri, 6 Nov 1998 05:18:03 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from easeway.com (ns1.easeway.com [209.69.71.100])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA28479
          for <freebsd-security@freebsd.org>; Fri, 6 Nov 1998 05:18:00 -0800 (PST)
          (envelope-from mwlucas@easeway.com)
Received: (from mwlucas@localhost)
	by easeway.com (8.8.7/8.8.5) id HAA22049
	for freebsd-security@freebsd.org; Fri, 6 Nov 1998 07:58:31 -0500 (EST)
Message-Id: <199811061258.HAA22049@easeway.com>
Subject: *huge* setuid diffs
To: freebsd-security@FreeBSD.ORG
Date: Fri, 6 Nov 1998 07:58:31 -0500 (EST)
From: mwlucas@exceptionet.com
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Folks,

I just got /etc/security mail from two 2.2.6 servers I administer.  The
setuid diffs list every setuid program on the server as having been removed
and replaced.

We haven't done a make world.  We haven't touched much of anything.

Is this normal, or should I be worried? 

Both are running a very recent apache 1.2, sshd, ftpd.  One is running
apache-SSL, the other runs named and Merit radiusd. 

Thanks,
Michael

-- 
Michael Lucas			|
Exceptionet, Inc.		|	www.exceptionet.com
"Exceptional Networking"	|

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message