Date: 14 Feb 1997 10:21:57 -0800 From: jdp@polstra.com (John Polstra) To: freebsd-current@freebsd.org Subject: Re: [root@server.blaze.net.au: server security check output] Message-ID: <5e2ag5$h65@austin.polstra.com> References: <19970215033810.19932@usn.blaze.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <19970215033810.19932@usn.blaze.net.au>, David Nugent <davidn@labs.usn.blaze.net.au> wrote: > This is the second time I've seen this since I last built > world - something has "touched" sendmail. It doesn't appear to > have been hacked, and I even checked the md5 against what it was > originally when I last installed sendmail and it hasn't changed. > But suddenly the file date has been modified, and only a couple > of hours ago. Yes, I have seen this sort of thing in all versions of FreeBSD since 2.0.5, the first one I used. It's not specific to sendmail, although I've only noticed it in setuid programs. (That may be just because those are the ones that show up in the security logs.) I have seen it happen to my X server a couple of times. It is some kind of anomaly involving the VM system, I would guess. I don't like it either, but nobody has ever been able to explain it, as far as I know. On my system, I see it maybe once every 4-6 months. I don't think anybody knows of a way to make it happen deliberately. John P. -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Self-knowledge is always bad news." -- John Barth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5e2ag5$h65>