Return to BSD News archive
Newsgroups: comp.unix.bsd.bsdi.misc Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.mel.connect.com.au!news.mel.aone.net.au!grumpy.fl.net.au!news.webspan.net!www.nntp.primenet.com!nntp.primenet.com!gatech!news.mathworks.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!uunet!in1.uu.net!208.192.224.3!news.interactive.net!ritz From: ritz@onyx.interactive.net (Chris Mauritz) Subject: Re: Daily Insecurity - Sudden Change X-Nntp-Posting-User: ritz Organization: IBS Interactive, Inc. Lines: 20 Message-ID: <E534vB.MCv@news.interactive.net> References: <5d7kf4$1nl@eirene.wingnet.net> X-Trace: 855070822/28964 X-Nntp-Posting-Host: onyx.interactive.net Date: Tue, 4 Feb 1997 15:40:23 GMT Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5902 Craig Thompson <CRAIG@wingnet.net> is rumoured to have written: :) In today's report, there were several files that reported like the following: :) Setuid changes: :) -r-s--x--- 2 uucp 117 28672 Jan 1 16:40:34 1996 /usr/bin/cu :) -r-s--x--- 2 uucp dialer 28672 Jan 1 16:40:34 1996 /usr/bin/cu :) -r-sr-x--- 1 root 118 24576 Jan 1 16:39:56 1996 /usr/bin/ppp :) -r-sr-x--- 1 root netdial 24576 Jan 1 16:39:56 1996 /usr/bin/ppp :) I know that I didn't change them, but they also are files that aren't even :) used on the system. :) Why would they show setuid changes all of a sudden? Has anyone else :) experienced this? Dunno why they changed groups, but the file sizes and permissions are correct. Chris -- Christopher Mauritz | For info on internet access: ritz@interactive.net | finger/mail info@interactive.net OR IBS Interactive, Inc. | http://www.interactive.net/