From owner-freebsd-questions@FreeBSD.ORG  Tue Jun 19 12:30:38 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9167416A469
	for <freebsd-questions@freebsd.org>;
	Tue, 19 Jun 2007 12:30:38 +0000 (UTC)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: from mail1.sea5.speakeasy.net (mail1.sea5.speakeasy.net
	[69.17.117.3]) by mx1.freebsd.org (Postfix) with ESMTP id 6EB9F13C4BD
	for <freebsd-questions@freebsd.org>;
	Tue, 19 Jun 2007 12:30:38 +0000 (UTC)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: (qmail 9601 invoked from network); 19 Jun 2007 12:30:38 -0000
Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org)
	([66.92.78.145])
	(envelope-sender <freebsd-questions-local@be-well.ilk.org>)
	by mail1.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
	for <freebsd-questions@freebsd.org>; 19 Jun 2007 12:30:37 -0000
Received: from Lowell-Desk.lan (Lowell-Desk.lan [172.30.250.6])
	by be-well.ilk.org (Postfix) with ESMTP id 1FEE72843A;
	Tue, 19 Jun 2007 08:30:35 -0400 (EDT)
Received: by Lowell-Desk.lan (Postfix, from userid 1147)
	id 582001CD20; Tue, 19 Jun 2007 08:30:34 -0400 (EDT)
To: Andrew Robinson <A.Robinson@ms.unimelb.edu.au>
References: <20070617012100.GV63160@ms.unimelb.edu.au>
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Date: Tue, 19 Jun 2007 08:30:34 -0400
In-Reply-To: <20070617012100.GV63160@ms.unimelb.edu.au> (Andrew Robinson's
	message of "Sun\, 17 Jun 2007 11\:21\:00 +1000")
Message-ID: <44ejk8rus5.fsf@Lowell-Desk.lan>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.99 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: New files in setuid.today
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: FreeBSD Questions <freebsd-questions@freebsd.org>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2007 12:30:38 -0000

Andrew Robinson <A.Robinson@ms.unimelb.edu.au> writes:

> I have some new file names in my /var/log/setuid.today file.  There
> are things on an external drive, pdfs, html documents, etc.  The only
> common factor that I can see is that all of them are 's' in the group
> permissions.  An example is:
>
> 1766558 -rw-r-sr--  1 andrewr  andrewr     8076 Jul 24 19:38:17 2005
> /home/andrewr/0.svn/0.infrastructure/www_public/andrewpr.JPG
>
> Just checking the names of the files, I know what each one of them is
> (or is supposed to be!) and none of them are supposed to bne
> executable.
>
> Can anyone tell me how this might happen, and what I should do to
> clean it up?  

The first thing to do is to see whether the contents of the files are
intact or not.  If they are, then I would strongly suspect filesystem
corruption and start trying to clean up on that basis.