Date: Sun, 29 Sep 1996 11:32:11 +0100 From: Paul Walsh <paul@nation-net.com> To: questions@freebsd.org Subject: mysterious setuid changes Message-ID: <324E502B.10B5@nation-net.com>
next in thread | raw e-mail | index | archive | help
I guess it's time to learn a bit more about security. Can anyone explain why I would get this in my daily security run ouput, when I've not been messing with the permissions? I only have 3 valid users on the system , so if someone's been fiddling I should soon find out who. Cheers, Paul Walsh. checking setuid files and devices: www setuid/device diffs: 66a67,68 > -rwsr-xr-x 1 uucp bin 495616 Nov 2 08:14:57 1995 /usr/local/sbin/faxgetty > -rwsr-xr-x 1 uucp bin 360448 Nov 2 08:14:54 1995 /usr/local/sbin/faxq79,80d80 < drwxr-sr-x 2 root wheel 512 Oct 12 02:08:15 1995 /usr/local/src/Python-1.3/Nt/Python < drwxr-sr-x 2 root wheel 1024 Jul 18 17:03:21 1996 /usr/local/src/Python-1.3/Objects 90,91c90,91 < -r-sr-sr-x 3 root kmem 180224 Nov 16 09:59:26 1995 /usr/sbin/sendmail < -r-sr-xr-x 1 root bin 12288 Nov 16 09:57:25 1995 /usr/sbin/sliplogin --- > drwxr-sr-x 2 root wheel 512 Oct 12 02:08:15 1995 /usr/local/src/Python-1.3/Nt/Python > drwxr-sr-x 2 root wheel 1024 Jul 18 17:03:21 1996 /usr/local/src/Python-1.3/Objects 100a101,102 > -r-sr-sr-x 3 root kmem 180224 Nov 16 09:59:26 1995 /usr/sbin/sendmail > -r-sr-xr-x 1 root bin 12288 Nov 16 09:57:25 1995 /usr/sbin/sliplogin checking for uids of 0: root 0 toor 0 -- paul@nation-net.com Walsh Simmons 0161-839 9337 Manchester, UK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?324E502B.10B5>