Date: Mon, 27 Dec 1999 17:56:33 +0100 (CET) From: Oliver Fromme <olli@dorifer.heim3.tu-clausthal.de> To: freebsd-stable@FreeBSD.ORG Subject: Re: Huge differences in suid programs ? Message-ID: <199912271656.RAA28357@dorifer.heim3.tu-clausthal.de>
next in thread | raw e-mail | index | archive | help
Brad Knowles wrote in list.freebsd-stable:
> At 1:45 PM +0000 1999/12/27, Mark Ovens wrote:
>
> > The timestamp has changed on the files because make world replaced
> > them so they're different.
>
> Right, but *why* are they so different? Was it perhaps a change
> in a library, a change in the compiler, or was it that the source
> code for these programs itself actually changed so much?
>
> I understand their being replaced (and why the security report
> would flag them all), but I don't understand why they were all so
> different to begin with.
Well, the daily security script just does an "ls -l" on all
suid/sgid binaries and diffs them with the previous listing.
Therefore it will regard all differences in the ls -l output
as "differences". This can be the ownership, time stamps, and
sizes of the files. Even if the actual contents of the files
are the same, the time stamps are not the same (because they
indicate the time at which the files where created), so the
daily security script will regard them as "different".
It's a feature. ;)
Regards
Oliver
--
Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany
(Info: finger userinfo:olli@dorifer.heim3.tu-clausthal.de)
"In jedem Stück Kohle wartet ein Diamant auf seine Geburt"
(Terry Pratchett)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912271656.RAA28357>