update 6.0.1_PATCH -> 6.0.2 added suid to /usr/bin/passwd

[Petar Bogdanovic <petar%smokva.net@localhost>]

Hi,

not sure what happened here but after the upgrade from 6.0.1_PATCH to
6.0.2 the daily insecurity mail reported the following:

        Checking setuid files and devices:
        Setuid additions:
        -r-sr-xr-x 2 root wheel 31003 Jun 3 12:21:03 2013 /usr/bin/passwd
        -r-sr-xr-x 2 root wheel 31003 Jun 3 12:21:03 2013 /usr/bin/yppasswd

        Setuid deletions:
        -r-s--x--x 2 root wheel 192882 Jan 4 12:28:18 2013 /usr/pkg/bin/sudoedit

        Setuid changes:
        -r-sr-xr-x  1  root  wheel     16741   Mar  6  12:34:36  2013  /bin/rcmd
        -r-sr-xr-x  1  root  wheel     16741   Jun  3  12:20:32  2013  /bin/rcmd
        -r-xr-sr-x  1  root  kmem      20825   Mar  6  12:34:58  2013  
/sbin/ccdconfig
        -r-xr-sr-x  1  root  kmem      20825   Jun  3  12:20:51  2013  
/sbin/ccdconfig
        -r-sr-xr-x  1  root  wheel     35062   Mar  6  12:35:00  2013  
/sbin/ping
        (.....)

The fist two lines confused me, so I compared the two versions of
/usr/bin/passwd:

        # ls -la /path/to/6.0.1/usr/bin/passwd
        -r-xr-xr-x  3 root  wheel  31003 Mar  6 13:35 
/path/to/6.0.1/usr/bin/passwd
        # ls -la /path/to/6.0.2/usr/bin/passwd
        -r-sr-xr-x  2 root  wheel  31003 Jun  3 14:21 
/path/to/6.0.2/usr/bin/passwd

I always use tar with p when extracting the sets so that part should be
ok..  but other than that?


Thanks,

                Petar Bogdanovic