Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!spool.mu.edu!newspump.sol.net!howland.erols.net!newsfeed.internetmci.com!katbert.ipa.net!keyhole.west.spy.net!bleu.west.spy.net!dustin From: dustin@bleu.west.spy.net. (Dustin Sallings) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: Daily Insecurity - Sudden Change Date: 5 Feb 1997 00:21:50 GMT Organization: Silicon Graphics, Inc. Mountain View, CA Lines: 23 Message-ID: <5d8jqu$ql9$1@keyhole.west.spy.net> References: <5d7kf4$1nl@eirene.wingnet.net> NNTP-Posting-Host: bleu.west.spy.net Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5894 In article <5d7kf4$1nl@eirene.wingnet.net>, CRAIG@wingnet.net writes: > In today's report, there were several files that reported like the following: > > Setuid changes: > -r-s--x--- 2 uucp 117 28672 Jan 1 16:40:34 1996 /usr/bin/cu > -r-s--x--- 2 uucp dialer 28672 Jan 1 16:40:34 1996 /usr/bin/cu > -r-sr-x--- 1 root 118 24576 Jan 1 16:39:56 1996 /usr/bin/ppp > -r-sr-x--- 1 root netdial 24576 Jan 1 16:39:56 1996 /usr/bin/ppp > > I know that I didn't change them, but they also are files that aren't even > used on the system. > > Why would they show setuid changes all of a sudden? Has anyone else > experienced this? It looks like you've been editing /etc/group -- IPA.net Sysadmin My girlfriend asked me which one I like better. pub 1024/3CAE01D5 1994/11/03 Dustin Sallings <dustin@spy.net> | Key fingerprint = 87 02 57 08 02 D0 DA D6 C8 0F 3E 65 51 98 D8 BE L_______________________ I hope the answer won't upset her. ____________