Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!cloudbreak.rs.itd.umich.edu!newsxfer3.itd.umich.edu!su-news-hub1.bbnplanet.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!howland.erols.net!newsfeed.internetmci.com!news.WINGNET.NET!usenet From: CRAIG@wingnet.net (Craig Thompson) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Daily Insecurity - Sudden Change Date: 4 Feb 1997 15:26:27 GMT Organization: WingNET Internet Services Lines: 17 Message-ID: <5d7kf4$1nl@eirene.wingnet.net> NNTP-Posting-Host: dokimazomai.wingnet.net Mime-Version: 1.0 Content-Type: Text/Plain; charset=US-ASCII X-Newsreader: WinVN 0.99.8 (x86 32bit) Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5874 In today's report, there were several files that reported like the following: Setuid changes: -r-s--x--- 2 uucp 117 28672 Jan 1 16:40:34 1996 /usr/bin/cu -r-s--x--- 2 uucp dialer 28672 Jan 1 16:40:34 1996 /usr/bin/cu -r-sr-x--- 1 root 118 24576 Jan 1 16:39:56 1996 /usr/bin/ppp -r-sr-x--- 1 root netdial 24576 Jan 1 16:39:56 1996 /usr/bin/ppp I know that I didn't change them, but they also are files that aren't even used on the system. Why would they show setuid changes all of a sudden? Has anyone else experienced this? TIA, CT