Date: Fri, 6 Nov 1998 11:13:36 -0600 (CST) From: "Jasper O'Malley" <jooji@webnology.com> To: security@FreeBSD.ORG Subject: Re: *huge* setuid diffs Message-ID: <Pine.LNX.4.02.9811061108500.30526-100000@mercury.webnology.com> In-Reply-To: <199811061419.RAA01848@enterprise.sl.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> I just got /etc/security mail from two 2.2.6 servers I administer. The
> setuid diffs list every setuid program on the server as having been
> removed and replaced.
>
> We haven't done a make world. We haven't touched much of anything.
>
> Is this normal, or should I be worried?
My guess is that the files just got old enough so that the ls -l
"last modified" information shows the year instead of the time, which
is reflected in the diff between /var/log/setuid.today and
/var/log/setuid.yesterday (which is what shows up in the mail
/etc/security sends to you).
Freaked me out the first time it happened to me, too. If that's indeed
what's happened, it's completely harmless.
Cheers,
Mick
The Reverend Jasper P. O'Malley dotdot:jooji@webnology.com
Systems Administrator ringring:asktheadmiral
Webnology, LLC woowoo:http://www.webnology.com/~jooji
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.02.9811061108500.30526-100000>