From owner-freebsd-security Fri Aug 7 03:44:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA16669 for freebsd-security-outgoing; Fri, 7 Aug 1998 03:44:04 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA16563 for ; Fri, 7 Aug 1998 03:43:56 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id MAA29824 for FreeBSD-security@FreeBSD.ORG; Fri, 7 Aug 1998 12:43:38 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (VMailer, from userid 101) id D7AA51527; Fri, 7 Aug 1998 12:20:35 +0200 (CEST) Message-ID: <19980807122035.A4145@keltia.freenix.fr> Date: Fri, 7 Aug 1998 12:20:35 +0200 From: Ollivier Robert To: FreeBSD-security@FreeBSD.ORG Subject: Re: Does this mean we have another breakin? Mail-Followup-To: FreeBSD-security@FreeBSD.ORG References: <199808051643.KAA04281@lariat.lariat.org> <19980805234700.A23220@keltia.freenix.fr> <19980806131045.A28059@keltia.freenix.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93i In-Reply-To: ; from Just Another Perl Hacker on Fri, Aug 07, 1998 at 12:21:57PM +0900 X-Operating-System: FreeBSD 3.0-CURRENT ctm#4527 AMD-K6 MMX @ 200 MHz Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to Just Another Perl Hacker: > I assume that this spontaneous writebacks *could* occur not only to > setuid(2)'d executables such as sendmail(8), but to arbitrary command > as a file on the filesystem. Of course but unless you run Tripwire, the /etc/security script will detect changes only on setuid/setgid ones. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #62: Mon Jul 27 20:47:08 CEST 1998 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message