Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 10 Mar 2017 11:42:42 -0500
From:      "James B. Byrne" <byrnejb@harte-lyne.ca>
To:        freebsd-questions@freebsd.org
Subject:   daily security run output (setuid)
Message-ID:  <0a9bbc9664cdeacc27dacadbd575ea1d.squirrel@webmail.harte-lyne.ca>

Next in thread | Raw E-Mail | Index | Archive | Help
Following a recent update we began to see this report:

Checking setuid files and devices:

setuid diffs:
--- /var/log/setuid.today        2017-01-18 03:01:01.000000000 -0500
+++ /tmp/security.saU3IUZT        2017-03-08 03:01:01.006331628 -0500
@@ -36,9 +36,9 @@
. . .

- 70217 -rwsr-xr-x  1 root  wheel         22416 Jan 12 00:09:17 2017
/usr/local/bin/pkexec
. . .
+ 30527 -rwsr-xr-x  1 root  wheel         22416 Feb 25 00:04:40 2017
/usr/local/bin/pkexec

pkg which /usr/local/bin/pkexec
/usr/local/bin/pkexec was installed by package polkit-0.113_3

pkg info polkit-0.113_3
polkit-0.113_3
Name           : polkit
Version        : 0.113_3
Installed on   : Tue Mar  7 15:31:14 2017 EST


This was a legitimate update as far as I can see. I can see that the
mtime value has changed but why does the update not account for this
with the security system?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?0a9bbc9664cdeacc27dacadbd575ea1d.squirrel>