From owner-freebsd-security Mon Mar 29 23:24:45 1999
Delivered-To: freebsd-security@freebsd.org
Received: from shell.futuresouth.com (shell.futuresouth.com [198.78.58.28])
    by hub.freebsd.org (Postfix) with ESMTP id 45C9C14D29
    for ; Mon, 29 Mar 1999 23:24:44 -0800 (PST)
    (envelope-from fullermd@futuresouth.com)
Received: (from fullermd@localhost)
    by shell.futuresouth.com (8.9.3/8.9.3) id BAA10184;
    Tue, 30 Mar 1999 01:24:22 -0600 (CST)
Date: Tue, 30 Mar 1999 01:24:22 -0600
From: "Matthew D. Fuller"
To: "Harry M. Leitzell"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Curious about 'hoststat'
Message-ID: <19990330012422.Z17547@futuresouth.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: ; from Harry M. Leitzell on Tue, Mar 30, 1999 at 02:02:24AM -0500
X-OS: FreeBSD
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 30, 1999 at 02:02:24AM -0500, a little birdie told me
that Harry M. Leitzell remarked
> Well, I am going through a FreeBSD machine and removing the suid
> bits on programs that have no purpose having them for a simple user host
> machine.  Going through /var/log/setuid.today and changing the permissions
> on the programs seems like a good idea until I got to 'hoststat'.
>
> -r-sr-xr-x  5 root  wheel  290016 Feb 15 05:45:23 1999 /usr/bin/hoststat

I'm too asleep to look at CVS logs, but here's food for thought:

1) From strings-ing it, it looks like part of sendmail

2)
[1:21:57] mortis:~ (ttyp5):{2417}% ktrace hoststat
[1:22:13] mortis:~ (ttyp5):{2418}% page kdump < ktrace.out
 19217 ktrace   RET   ktrace 0
 19217 ktrace   CALL  readlink(0x200709a2,0xefbfd2c0,0x3f)
 19217 ktrace   NAMI  "/etc/malloc.conf"
 19217 ktrace   RET   readlink -1 errno 2 No such file or directory
 19217 ktrace   CALL  mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
 19217 ktrace   RET   mmap 536985600/0x2001c000
 19217 ktrace   CALL  break(0x5000)
 19217 ktrace   RET   break 0
 19217 ktrace   CALL  break(0x6000)
 19217 ktrace   RET   break 0
 19217 ktrace   CALL  execve(0xefbfd3c8,0xefbfd888,0xefbfd890)
 19217 ktrace   NAMI  "/usr/local/bin/hoststat"
 19217 ktrace   RET   execve -1 errno 2 No such file or directory
 19217 ktrace   CALL  execve(0xefbfd3c8,0xefbfd888,0xefbfd890)
 19217 ktrace   NAMI  "/usr/local/sbin/hoststat"
 19217 ktrace   RET   execve -1 errno 2 No such file or directory
 19217 ktrace   CALL  execve(0xefbfd3c8,0xefbfd888,0xefbfd890)
 19217 ktrace   NAMI  "/usr/bin/hoststat"

---
   *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
   | Matthew Fuller              http://www.over-yonder.net/ |
   * fullermd@futuresouth.com       fullermd@over-yonder.net *
   | UNIX Systems Administrator      Specializing in FreeBSD |
   * FutureSouth Communications       ISPHelp ISP Consulting *
   | "The only reason I'm burning my candle at both ends,    |
   *  is because I haven't figured out how to light the      *
   |  middle yet"                                            |
   *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
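
Added example, not part of the original message: the listing quoted above shows a link count of 5 on /usr/bin/hoststat, so four other names share that inode and its setuid bit. This script groups each multiply-linked setuid file with all of its names, so a chmod decision is made once for the whole group; the function name is this example's own, and it assumes the directories passed in are on one filesystem (inode numbers are only unique per filesystem).

```shell
#!/bin/sh
# Added example: list setuid files that have more than one hard link,
# one line per inode, followed by every name that refers to it.
# Assumption: all directories given as arguments are on the same filesystem.

# setuid_link_groups DIR...
# Output format: <inode> <name> <name> ...
setuid_link_groups() {
    seen=" "
    # -perm -4000: setuid bit set; -links +1: more than one directory entry.
    find "$@" -xdev -type f -perm -4000 -links +1 2>/dev/null | sort |
    while IFS= read -r f; do
        inode=$(ls -di "$f" | awk '{print $1}')
        # Every name of a group is found above; report each inode once.
        case "$seen" in *" $inode "*) continue ;; esac
        seen="$seen$inode "
        # Collect all names in the searched trees that share this inode.
        names=$(find "$@" -xdev -inum "$inode" 2>/dev/null | sort | tr '\n' ' ')
        printf '%s %s\n' "$inode" "${names% }"
    done
}

# Stand-alone use: sh this-script /usr/bin /usr/sbin
if [ "$#" -gt 0 ]; then
    setuid_link_groups "$@"
fi
```

A chmod on any one name in a group changes the mode for every name in it, because the mode is stored in the inode.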