Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 29 Sep 1996 11:32:11 +0100
From:      Paul Walsh <paul@nation-net.com>
To:        questions@freebsd.org
Subject:   mysterious setuid changes
Message-ID:  <324E502B.10B5@nation-net.com>

Next in thread | Raw E-Mail | Index | Archive | Help
I guess it's time to learn a bit more about security.

Can anyone explain why I would get this in my daily security run ouput, when 
I've not been messing with the permissions?

I only have 3 valid users on the system , so if someone's been fiddling I 
should soon find out who.

Cheers, Paul Walsh.
 

checking setuid files and devices:
www setuid/device diffs:
66a67,68
> -rwsr-xr-x  1 uucp  bin    495616 Nov  2 08:14:57 1995 /usr/local/sbin/faxgetty
> -rwsr-xr-x  1 uucp  bin    360448 Nov  2 08:14:54 1995 /usr/local/sbin/faxq79,80d80
< drwxr-sr-x  2 root  wheel     512 Oct 12 02:08:15 1995 
/usr/local/src/Python-1.3/Nt/Python
< drwxr-sr-x  2 root  wheel    1024 Jul 18 17:03:21 1996 
/usr/local/src/Python-1.3/Objects
90,91c90,91
< -r-sr-sr-x  3 root  kmem    180224 Nov 16 09:59:26 1995 /usr/sbin/sendmail
< -r-sr-xr-x  1 root  bin      12288 Nov 16 09:57:25 1995 /usr/sbin/sliplogin
---
> drwxr-sr-x  2 root  wheel     512 Oct 12 02:08:15 1995 /usr/local/src/Python-1.3/Nt/Python
> drwxr-sr-x  2 root  wheel    1024 Jul 18 17:03:21 1996 /usr/local/src/Python-1.3/Objects
100a101,102
> -r-sr-sr-x  3 root  kmem  180224 Nov 16 09:59:26 1995 /usr/sbin/sendmail
> -r-sr-xr-x  1 root  bin    12288 Nov 16 09:57:25 1995 /usr/sbin/sliplogin


checking for uids of 0:
root 0
toor 0

-- 
paul@nation-net.com	Walsh Simmons 		
0161-839 9337		Manchester, UK



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?324E502B.10B5>