An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#10491 - 06/10/10 06:10 PM SUID file has been modified and will not...
slolerner Offline


Registered: 08/25/09
Loc: New York City
I got these messages in my Disk Utility log after a friend of mine logged into a private mail server site using my computer. Is this a security problem?

2010-06-10 21:10:59 -0400: Warning: SUID file "Applications/Utilities/Keychain Access.app/Contents/Resources/kcproxy" has been modified and will not be repaired.
2010-06-10 21:12:11 -0400: Warning: SUID file "usr/libexec/authopen" has been modified and will not be repaired.
2010-06-10 21:12:12 -0400: Warning: SUID file "usr/libexec/security_authtrampoline" has been modified and will not be repaired.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#10496 - 06/11/10 07:33 AM Re: SUID file has been modified and will not... [Re: slolerner]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: slolerner
I got these messages in my Disk Utility log after a friend of mine logged into a private mail server site using my computer. Is this a security problem?

Presumably not ... but there's only one way to be 100% sure.

Top
#10500 - 06/11/10 09:41 AM Re: SUID file has been modified and will not... [Re: Hal Itosis]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Yeah, I checked out the Apple site of messages that could be ignored but I did not see the SUID ones I had and they looked security-related. I should have mentioned that. The SUIDs actually did come up along with a bunch of Java permission problems, which I did ignore.

But your second link, well, that hit the nail on the head! Plus, I was VERY relieved, actually, by the fact that you thought you had been hacked because I thought I was being paranoid! I also forgot to mention that my friend had to ok a certificate to get to her mail, so that increased my anxiety. Probably the website owner didn't bother to get one?

Thank you so much, and for the quick response because I was ready to bring my computer in to Tekserve. Saved me grief and $$$.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#10502 - 06/11/10 02:19 PM Re: SUID file has been modified and will not... [Re: slolerner]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: slolerner
Plus, I was VERY relieved, actually, by the fact that you thought you had been hacked because I thought I was being paranoid!

Just so you know: when folks put a wink in or near a sentence, it usually means that the seriousness and sincerity of its content are somewhat diminished. [i.e., i didn't actually think that i had actually been hacked. I was just highlighting the fact that it's one possible reason for an SUID warning.]


Originally Posted By: slolerner
Yeah, I checked out the Apple site of messages that could be ignored but I did not see the SUID ones I had and they looked security-related. I should have mentioned that.

Good point... neither kcproxy nor security_authtrampoline are listed there. [and yes, a mention of having already checked that article would have been helpful (to others as well, not just me).]


Edited by Hal Itosis (06/11/10 02:33 PM)

Top

Moderator:  alternaut, dkmarsh, joemikeb