Date: Wed, 7 May 1997 08:12:39 -0500 (CDT) From: Guy Helmer <ghelmer@cs.iastate.edu> To: "Jay L. West" <jlwest@tseinc.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Question on security check output... Message-ID: <Pine.HPP.3.96.970507080224.22179A-100000@sunfire.cs.iastate.edu> In-Reply-To: <199705071219.HAA06809@gatekeeper.tseinc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 7 May 1997, Jay L. West wrote: > This just popped up in my daily security check output email to > root. I've never seen this one before and wanted to see what it > meant. Can anyone offer an explanation? > > ---start snip--- > 80a80 > > -r-xr-sr-x 1 bin kmem 12288 Jul 16 21:34:55 1996 /usr/sbin/trpt > 83d82 > < -r-xr-sr-x 1 bin kmem 12288 Jul 16 21:34:55 1996 /usr/sbin/trpt > ---end snip--- > > This is definitely new. Any ideas? It's an artifact of the way xargs breaks up lists of files and feeds them to ls, and then ls arbitrarily defines column widths as needed for a particular list of files. In this case, /usr/sbin/trpt apparently is in a different group of files (thanks to xargs) than it previously was, and ls apparently didn't need as much space for the file size field (due to some other "large" file) as it did before. Current /etc/security scripts have a "-b" in the diff command line which should ignore this change in whitespace. However, it may be even more disconcerting to an administrator because, despite the "-b" option, the administrator will see a message "$host setuid diffs:" followed by no output when this effect occurs :-( Guy Guy Helmer, Computer Science Grad Student, Iowa State - ghelmer@cs.iastate.edu http://www.cs.iastate.edu/~ghelmer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.HPP.3.96.970507080224.22179A-100000>