Setuid

Petr Janda elekktretterr at exemail.com.au
Thu Jul 6 10:55:54 PDT 2006


I'm looking at a couple of days old cron job email, and I see this:

Checking setuid files and devices:

elevator.homenetwork.org setuid diffs:
1,44c1,42
< 10648 -r-sr-xr-x  1 root  wheel     298672 Jun 16 08:22:28 2006 /bin/rcp
< 63752 -r-xr-sr-x  1 root  kmem       85384 Jun 16 08:22:36 2006 /sbin/ccdconfig
< 63817 -r-sr-xr-x  1 root  wheel     246176 Jun 16 08:22:38 2006 /sbin/ping
< 63818 -r-sr-xr-x  1 root  wheel     252296 Jun 16 08:22:38 2006 /sbin/ping6
< 63837 -r-sr-x---  1 root  operator  207992 Jun 16 08:22:39 2006 /sbin/shutdown
< 1635248 -r-sr-xr-x  4 root  wheel      19764 Jun 16 08:22:49 2006 /usr/bin/at
< 1635248 -r-sr-xr-x  4 root  wheel      19764 Jun 16 08:22:49 2006 /usr/bin/atq
< 1635248 -r-sr-xr-x  4 root  wheel      19764 Jun 16 08:22:49 2006 /usr/bin/atrm
< 1635248 -r-sr-xr-x  4 root  wheel      19764 Jun 16 08:22:49 2006 /usr/bin/batch
< 1635457 -r-sr-xr-x  6 root  wheel      34148 Jun 16 08:22:49 2006 /usr/bin/chfn
< 1635457 -r-sr-xr-x  6 root  wheel      34148 Jun 16 08:22:49 2006 /usr/bin/chpass
< 1635457 -r-sr-xr-x  6 root  wheel      34148 Jun 16 08:22:49 2006 /usr/bin/chsh
< 1635517 -r-sr-xr-x  1 root  wheel      26964 Jun 16 08:22:54 2006 /usr/bin/crontab
< 1635699 -r-xr-sr-x  1 root  kmem       14700 Jun 16 08:22:50 2006 /usr/bin/fstat
< 1635386 -r-xr-sr-x  1 root  kmem       11324 Jun 16 08:22:50 2006 /usr/bin/ipcs
< 1635497 -r-sr-xr-x  1 root  wheel       4252 Jun 16 08:22:50 2006 /usr/bin/keyinfo
< 1635510 -r-sr-xr-x  1 root  wheel       8156 Jun 16 08:22:50 2006 /usr/bin/keyinit
< 1635723 -r-sr-xr-x  1 root  wheel       7676 Jun 16 08:22:50 2006 /usr/bin/lock
< 1635729 -r-sr-xr-x  1 root  wheel   23436 Jun 16 08:22:50 2006 /usr/bin/login

and many many more

Is it normal that so many files have the setuid bit on? I've never
noticed it before (not that I read those emails often anyway).




