Date: Tue, 30 Mar 1999 01:24:22 -0600 From: "Matthew D. Fuller" <fullermd@futuresouth.com> To: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Curious about 'hoststat' Message-ID: <19990330012422.Z17547@futuresouth.com> In-Reply-To: <Pine.SOL.3.96L.990330015216.2230A-100000@unix8.andrew.cmu.edu>; from Harry M. Leitzell on Tue, Mar 30, 1999 at 02:02:24AM -0500 References: <Pine.SOL.3.96L.990330015216.2230A-100000@unix8.andrew.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 30, 1999 at 02:02:24AM -0500, a little birdie told me
that Harry M. Leitzell remarked
> Well, I am going through a FreeBSD machine and removing the suid
> bits on programs that have no purpose having them for a simple user host
> machine. Going through /var/log/setuid.today and changing the permissions
> on the programs seems like a good idea until I got to 'hoststat'.
>
> -r-sr-xr-x 5 root wheel 290016 Feb 15 05:45:23 1999 /usr/bin/hoststat
I'm too asleep to look at CVS logs, but here's food for thought:
1) From strings-ing it, it looks like part of sendmail
2)
[1:21:57] mortis:~
(ttyp5):{2417}% ktrace hoststat
[1:22:13] mortis:~
(ttyp5):{2418}% page kdump < ktrace.out
19217 ktrace RET ktrace 0
19217 ktrace CALL readlink(0x200709a2,0xefbfd2c0,0x3f)
19217 ktrace NAMI "/etc/malloc.conf"
19217 ktrace RET readlink -1 errno 2 No such file or directory
19217 ktrace CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
19217 ktrace RET mmap 536985600/0x2001c000
19217 ktrace CALL break(0x5000)
19217 ktrace RET break 0
19217 ktrace CALL break(0x6000)
19217 ktrace RET break 0
19217 ktrace CALL execve(0xefbfd3c8,0xefbfd888,0xefbfd890)
19217 ktrace NAMI "/usr/local/bin/hoststat"
19217 ktrace RET execve -1 errno 2 No such file or directory
19217 ktrace CALL execve(0xefbfd3c8,0xefbfd888,0xefbfd890)
19217 ktrace NAMI "/usr/local/sbin/hoststat"
19217 ktrace RET execve -1 errno 2 No such file or directory
19217 ktrace CALL execve(0xefbfd3c8,0xefbfd888,0xefbfd890)
19217 ktrace NAMI "/usr/bin/hoststat"
---
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
| Matthew Fuller http://www.over-yonder.net/ |
* fullermd@futuresouth.com fullermd@over-yonder.net *
| UNIX Systems Administrator Specializing in FreeBSD |
* FutureSouth Communications ISPHelp ISP Consulting *
| "The only reason I'm burning my candle at both ends, |
* is because I haven't figured out how to light the *
| middle yet" |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990330012422.Z17547>