Setuid
Petr Janda
elekktretterr at exemail.com.au
Thu Jul 6 10:55:54 PDT 2006
Im looking at a couple of days old cron job email, and I see this:
Checking setuid files and devices:
elevator.homenetwork.org setuid diffs:
1,44c1,42
< 10648 -r-sr-xr-x 1 root wheel 298672 Jun 16 08:22:28 2006 /bin/rcp
< 63752 -r-xr-sr-x 1 root kmem 85384 Jun 16 08:22:36 2006
/sbin/ccdconfig
< 63817 -r-sr-xr-x 1 root wheel 246176 Jun 16 08:22:38 2006 /sbin/ping
< 63818 -r-sr-xr-x 1 root wheel 252296 Jun 16 08:22:38 2006
/sbin/ping6
< 63837 -r-sr-x--- 1 root operator 207992 Jun 16 08:22:39 2006
/sbin/shutdown
< 1635248 -r-sr-xr-x 4 root wheel 19764 Jun 16 08:22:49 2006
/usr/bin/at
< 1635248 -r-sr-xr-x 4 root wheel 19764 Jun 16 08:22:49 2006
/usr/bin/atq
< 1635248 -r-sr-xr-x 4 root wheel 19764 Jun 16 08:22:49 2006
/usr/bin/atrm
< 1635248 -r-sr-xr-x 4 root wheel 19764 Jun 16 08:22:49 2006
/usr/bin/batch
< 1635457 -r-sr-xr-x 6 root wheel 34148 Jun 16 08:22:49 2006
/usr/bin/chfn
< 1635457 -r-sr-xr-x 6 root wheel 34148 Jun 16 08:22:49 2006
/usr/bin/chpass
< 1635457 -r-sr-xr-x 6 root wheel 34148 Jun 16 08:22:49 2006
/usr/bin/chsh
< 1635517 -r-sr-xr-x 1 root wheel 26964 Jun 16 08:22:54 2006
/usr/bin/crontab
< 1635699 -r-xr-sr-x 1 root kmem 14700 Jun 16 08:22:50 2006
/usr/bin/fstat
< 1635386 -r-xr-sr-x 1 root kmem 11324 Jun 16 08:22:50 2006
/usr/bin/ipcs
< 1635497 -r-sr-xr-x 1 root wheel 4252 Jun 16 08:22:50 2006
/usr/bin/keyinfo
< 1635510 -r-sr-xr-x 1 root wheel 8156 Jun 16 08:22:50 2006
/usr/bin/keyinit
< 1635723 -r-sr-xr-x 1 root wheel 7676 Jun 16 08:22:50 2006
/usr/bin/lock
< 1635729 -r-sr-xr-x 1 root wheel 23436 Jun 16 08:22:50 2006
/usr/bin/login
and many many more
Is it normal that so many files have the setuid bit on? Ive never
noticed it before ( not that I read those emails often anyway)
More information about the Users
mailing list