the man page says:
o Check for changes in setuid/setgid files and devices.
Those setuid binaries did change. They were replaced. The sizes
are different also. That's because there is a libc.a change and
these are static binaries.
the security script is not not just reporting whether setuid bits
are being turned on or off.
tetrahedra@danwin1210.de wrote:
> Hi all,
> security(8) sent me an alert that Setuid changed on /sbin/ping and
> /sbin/ping6:
>
> Running security(8):
>
> Setuid changes:
> -r-sr-xr-x 2 root bin 347728 Sep 27 17:40:01 2022 /sbin/ping
> -r-sr-xr-x 1 root bin 347776 Mar 11 19:42:17 2023 /sbin/ping
> -r-sr-xr-x 2 root bin 347728 Sep 27 17:40:01 2022 /sbin/ping6
> -r-sr-xr-x 1 root bin 347776 Mar 11 19:42:17 2023 /sbin/ping6
>
>
> This happened after I installed syspatch 022_resolv (and made no other
> changes to the system).
>
> I checked the source code of the 022_resolv patch and I don't see
> anything that would affect the /sbin/ping binary.
>
> Did I miss something? Or is this setuid change potentially indicative of
> a bigger problem?
>
No comments:
Post a Comment