Solved Setuid changes

I have just seen a security e-mail containing the following:
Code:
setuid diffs:
--- /var/log/setuid.today    2020-08-10 03:04:08.569776000 +0100
+++ /tmp/security.HP0TkzW5    2020-09-28 03:04:15.848722000 +0100
@@ -67,8 +67,8 @@
3698883 -r-sr-xr-x  1 root  wheel      34256 Jul 12 13:29:30 2020 /usr/jails/basejail/usr/sbin/traceroute
3698884 -r-sr-xr-x  1 root  wheel      28688 Jul 12 13:29:30 2020 /usr/jails/basejail/usr/sbin/traceroute6
3698886 -r-xr-sr-x  1 root  kmem       11888 Jul 12 13:29:30 2020 /usr/jails/basejail/usr/sbin/trpt
-3534148 -rwxr-sr-x  1 root  126        16312 Aug  6 09:22:52 2020 /usr/jails/mailin/usr/local/sbin/postdrop
-3534155 -rwxr-sr-x  1 root  126        21376 Aug  6 09:22:52 2020 /usr/jails/mailin/usr/local/sbin/postqueue
+3531574 -rwxr-sr-x  1 root  126        16312 Sep 16 09:23:13 2020 /usr/jails/mailin/usr/local/sbin/postdrop
+3531581 -rwxr-sr-x  1 root  126        21376 Sep 16 09:23:13 2020 /usr/jails/mailin/usr/local/sbin/postqueue
3374783 -r-xr-sr-x  1 root  mail       63808 Jul 12 13:14:36 2020 /usr/libexec/dma
3374784 -r-sr-xr--  1 root  mail        7464 Jul 12 13:14:36 2020 /usr/libexec/dma-mbox-create
3464690 -r-xr-sr-x  1 root  smmsp     730472 Jul 12 13:14:37 2020 /usr/libexec/sendmail/sendmail

Should I be worried by this?
 
Did you upgrade postfix recently in that jail? If yes, then it's expected. And it's actually setgid despite what the message says.

EDIT: you can check postfix installation date e.g. using pkg query %t postfix | xargs date -jf %s
 
Thank you. Yes, I upgraded it yesterday, hence the messages today. I hadn't twigged those files were part of postfix or I wouldn't have posted here.
 
Back
Top