Date: Thu, 8 Jan 1998 12:32:35 -0500 (EST) From: Adam Shostack <adam@homeport.org> To: lhartfor@mtghouse.com Cc: freebsd-security@freebsd.org Subject: Re: /usr/bin/su modification time changing Message-ID: <199801081732.MAA09060@homeport.org> In-Reply-To: <Pine.BSF.3.95.980108093729.14685B-100000@larry> from Lance Hartford at "Jan 8, 98 09:40:30 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Suggest using md5, not sum. Script kiddies have had tools since 1990 or so to fake out sum. diff is also useful. :) Also, I seem to recall that theres a problem with FreeBSD where the OS randomly updates the mod time, but nothing else, of a file. Adam Lance Hartford wrote: | | I just installed 2.2.5 on a PC and I received the following portion of | message in a security mail that was sent out last night: | | xyz setuid diffs: | 152c152 | < -r-sr-xr-x 1 root bin 16384 Oct 21 10:19:25 1997 /usr/bin/su | --- | > -r-sr-xr-x 1 root bin 16384 Jan 7 19:40:28 1998 /usr/bin/su | | I did a "sum" on the /usr/bin/su on another system onsite, and found | that there was no difference compared to the one on this system. Does | this imply that there is a security problem at my site? | | Thanks. | | Lance | -- <123> stargate /export/home/adam% passwd passwd: Changing password for adam passwd: adam does not exist
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801081732.MAA09060>