I noticed this email message this morning: > Subject: mjoelnir.fritz.box daily insecurity output > From: "Charlie Root @ mjoelnir_aa1667" ... > To: ... > Date: Fri, 07 Jun 2024 01:32:17 +0200 (CEST) > > > Running security(8): > > Setuid changes: > -r-x--s--x 1 root _sshagnt 435040 May 20 14:18:15 2024 /usr/bin/ssh-agent > -r-x--s--x 1 root _sshagnt 435040 Jun 6 12:07:27 2024 /usr/bin/ssh-agent
It's true: mjoelnir:2024 7.06 14:00:57 % stat -x /usr/bin/ssh-agent File: "/usr/bin/ssh-agent" Size: 435040 FileType: Regular File Mode: (2511/-r-x--s--x) Uid: ( 0/ root) Gid: ( 34/_sshagnt) Device: 4,21 Inode: 156169 Links: 1 Access: Fri Jun 7 01:30:01 2024 Modify: Thu Jun 6 12:07:27 2024 Change: Thu Jun 6 12:07:27 2024 mjoelnir:2024 7.06 16:10:01 % ls -ltra /usr/bin | tail -r-xr-xr-x 1 root bin 191200 May 19 23:41 info* -r-xr-xr-x 1 root bin 24000 May 19 23:41 infokey* -r-xr-xr-x 1 root bin 281960 May 19 23:41 makeinfo* -r-xr-xr-x 1 root bin 31568 May 19 23:41 install-info* -r-xr-xr-x 1 root bin 30560 May 19 23:41 texindex* -r-xr-xr-x 1 root bin 28070 May 19 23:41 texi2dvi* -r-xr-xr-x 1 root bin 665 May 19 23:41 texi2pdf* drwxr-xr-x 16 root wheel 512 May 20 00:31 ../ -r-x--s--x 1 root _sshagnt 435040 Jun 6 12:07 ssh-agent* drwxr-xr-x 2 root wheel 6144 Jun 6 12:07 ./ Is that not a bit weird? Why would ssh-agent have changed / been "touched"? Maybe that's when I booted the system ... Does it make sense that starting an executable would cause its mtime to be set? Just wondering ... Cheers, Robb.
