From owner-freebsd-questions  Sun Sep 29 03:32:52 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id DAA25754
          for questions-outgoing; Sun, 29 Sep 1996 03:32:52 -0700 (PDT)
Received: from www.nation-net.com (www.nation-net.com [194.159.125.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id DAA25709
          for <questions@freebsd.org>; Sun, 29 Sep 1996 03:32:47 -0700 (PDT)
Received: from mag.nation-net.com (194.159.125.14) by www.nation-net.com
 with SMTP (Apple Internet Mail Server 1.0); Sun, 29 Sep 1996 11:35:21 +0000
Message-ID: <324E502B.10B5@nation-net.com>
Date: Sun, 29 Sep 1996 11:32:11 +0100
From: Paul Walsh <paul@nation-net.com>
X-Mailer: Mozilla 2.0 (Win95; I)
MIME-Version: 1.0
To: questions@freebsd.org
Subject: mysterious setuid changes
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I guess it's time to learn a bit more about security.

Can anyone explain why I would get this in my daily security run ouput, when 
I've not been messing with the permissions?

I only have 3 valid users on the system , so if someone's been fiddling I 
should soon find out who.

Cheers, Paul Walsh.
 

checking setuid files and devices:
www setuid/device diffs:
66a67,68
> -rwsr-xr-x  1 uucp  bin    495616 Nov  2 08:14:57 1995 /usr/local/sbin/faxgetty
> -rwsr-xr-x  1 uucp  bin    360448 Nov  2 08:14:54 1995 /usr/local/sbin/faxq79,80d80
< drwxr-sr-x  2 root  wheel     512 Oct 12 02:08:15 1995 
/usr/local/src/Python-1.3/Nt/Python
< drwxr-sr-x  2 root  wheel    1024 Jul 18 17:03:21 1996 
/usr/local/src/Python-1.3/Objects
90,91c90,91
< -r-sr-sr-x  3 root  kmem    180224 Nov 16 09:59:26 1995 /usr/sbin/sendmail
< -r-sr-xr-x  1 root  bin      12288 Nov 16 09:57:25 1995 /usr/sbin/sliplogin
---
> drwxr-sr-x  2 root  wheel     512 Oct 12 02:08:15 1995 /usr/local/src/Python-1.3/Nt/Python
> drwxr-sr-x  2 root  wheel    1024 Jul 18 17:03:21 1996 /usr/local/src/Python-1.3/Objects
100a101,102
> -r-sr-sr-x  3 root  kmem  180224 Nov 16 09:59:26 1995 /usr/sbin/sendmail
> -r-sr-xr-x  1 root  bin    12288 Nov 16 09:57:25 1995 /usr/sbin/sliplogin


checking for uids of 0:
root 0
toor 0

-- 
paul@nation-net.com	Walsh Simmons 		
0161-839 9337		Manchester, UK