Subject: Re: setuid files
To: Jeremy C. Reed <reed@reedmedia.net>
From: Daniel Eggert <eggert@macvaerk.dtu.dk>
List: netbsd-help
Date: 04/25/2003 13:28:40

Then onto the more interesting question: How could this happen? Someone
must have gained root privileges, or am I mistaken?

Should I conclude that something / someone compromised my security?

/Daniel


On Thursday, Apr 24, 2003, at 18:00 Europe/Copenhagen, Jeremy C. Reed wrote:

> On Thu, 24 Apr 2003, Daniel Eggert wrote:
>
>> I got this in my daily output. Should I worry? What's the deal with
>> setuid for these binaries?
>
> You should worry after you review it and know that the setuid/setgid
> program was not from the upgrade.
>
> I won't answer for all of these, some searches may have answers for
> each one.
>
>> -r-sr-xr--  1  root  operator  342912  Apr  23  06:28:38  2003
>> /sbin/shutdown
>
> A user in group operator can run shutdown which will be executed with
> root privileges to do the shutdown.
>
>> -r-sr-xr-x  4  root  wheel     23876   Apr  23  06:29:21  2003
>> /usr/bin/atrm
>
> A user can run atrm (and batch, atq and at) to delete (queue or
> examine) their job.
>
>> -r-sr-xr-x  3  root  wheel     22584   Apr  23  06:29:39  2003
>> /usr/bin/chfn
>
> A regular user can use chfn (and chpass and chsh) to update their own
> user database info in the master.passwd file. It is executed with
> superuser privileges so this file can be modified.
>
>> -r-sr-xr-x  1  root  wheel     28004   Apr  23  06:29:50  2003
>> /usr/bin/crontab
>
> A regular user can maintain their own personal crontabs.
>
>> -r-sr-xr-x  1  root  wheel     28660   Apr  23  06:30:47  2003
>> /usr/bin/login
>
>> -r-sr-xr-x  2  root  wheel     20512   Apr  23  06:31:18  2003
>> /usr/bin/passwd
>
> A regular user can change their password in the secure master.passwd
> file.
>
>> -r-sr-xr-x  1  root  wheel     18036   Apr  23  06:31:48  2003
>> /usr/bin/su
>
> Like login, it needs root privileges to authenticate and to set the
> user (and group) for the new user.
>
>> -r-xr-sr-x  1  root  kmem      38112   Apr  23  06:32:32  2003
>> /usr/bin/vmstat
>
> Runs as group kmem so it can access /dev/kmem (which is readable by
> group kmem).
>
>> -r-xr-sr-x  1  root  games     186916  Apr  23  06:26:17  2003
>> /usr/games/battlestar
>
> Games often run as group games so scores can be recorded, but regular
> users can't modify :)
>
>> -r-xr-sr-x  1  root  maildrop  93252   Apr  23  06:23:53  2003
>> /usr/sbin/postdrop
>
> Needs to be setgid so a regular user can get their mail into postfix's
> maildrop directory (versus having the directory writable by everyone).
>
> Anyways, some setuid/setgid tools can be rewritten to get rid of their
> enhanced privileges.
>
>    Jeremy C. Reed
>    http://bsd.reedmedia.net/
>
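
The review Jeremy describes (checking whether each reported set-id file is explained by the upgrade), as an added example that is not part of the original post and not NetBSD's own security script: it diffs a saved listing against the current one. It assumes each entry sits on one line (mode, links, owner, group, size, date, path); the function names, the NEW/GONE/PERM/REPLACED labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NetBSD's own security script). Compares two set-id
# listings, one file per line:
#   mode links owner group size month day time year path

# setid_diff BASELINE CURRENT -> one finding per line, sorted:
#   NEW      path absent from the baseline (review these first)
#   GONE     path no longer listed as setuid/setgid
#   PERM     mode, owner or group differs from the baseline
#   REPLACED only size or timestamp differs (what a reinstall produces)
setid_diff() {
    awk '
    NF < 10 { next }                                  # blank or truncated line
    {
        path = $10
        for (i = 11; i <= NF; i++) path = path " " $i # keep paths with spaces
        perm = $1 " " $3 ":" $4
        body = $5 " " $6 " " $7 " " $8 " " $9
    }
    FILENAME == ARGV[1] { bperm[path] = perm; bbody[path] = body; next }
    {
        seen[path] = 1
        if (!(path in bperm))          print "NEW " path " " perm
        else if (bperm[path] != perm)  print "PERM " path " " bperm[path] " -> " perm
        else if (bbody[path] != body)  print "REPLACED " path
    }
    END { for (p in bperm) if (!(p in seen)) print "GONE " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data: paths reused from the thread where possible; the
# baseline sizes/dates, the vmstat mode change and /usr/local/bin/example
# are made up.
setid_demo() {
    old=$(mktemp) && new=$(mktemp) || return 1
    cat > "$old" <<'EOF'
-r-sr-xr-x  2  root  wheel  20100  Jan  10  04:00:00  2003  /usr/bin/passwd
-r-sr-xr-x  1  root  wheel  18036  Apr  23  06:31:48  2003  /usr/bin/su
-r-xr-sr-x  1  root  kmem   38112  Apr  23  06:32:32  2003  /usr/bin/vmstat
-r-xr-sr-x  1  root  games  186916 Apr  23  06:26:17  2003  /usr/games/battlestar
EOF
    cat > "$new" <<'EOF'
-r-sr-xr-x  2  root  wheel  20512  Apr  23  06:31:18  2003  /usr/bin/passwd
-r-sr-xr-x  1  root  wheel  18036  Apr  23  06:31:48  2003  /usr/bin/su
-r-sr-sr-x  1  root  kmem   38112  Apr  23  06:32:32  2003  /usr/bin/vmstat
-r-sr-xr-x  1  root  wheel  9000   Apr  24  02:11:09  2003  /usr/local/bin/example
EOF
    setid_diff "$old" "$new"
    rm -f "$old" "$new"
}
```

REPLACED entries whose timestamps fall inside the upgrade window are the expected result of an upgrade; NEW and PERM entries are the ones to account for individually.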