[1092] in linux-security and linux-alert archive
[linux-security] About suid etc. programs...
daemon@ATHENA.MIT.EDU (Tommi Rintala)
Tue Aug 27 10:55:18 1996
From: Tommi Rintala <t2r@uwasa.fi>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 26 Aug 1996 16:36:56 +0300 (EET DST)
Hi!
There have been a lot of discussion about suid programs and other
programs, which cause vulnerabilities in Linux system. I have been
looking for 'unsecure' programs, and found out that there are usually
many programs in Linux systems which have 'wrong' rights.
I wonder how many of the programs in /sbin and /usr/sbin are programs,
which should be runable by ordinary users. sendmail is one (and it
should also have suid), perhaps traceroute is nice thing if you wish
to follow a connection paths (thing which should normally be done by
admin).
How about changing Linux default access rights to something more
paranoid??
[REW: Yes, some people would like this. You already name two programs
(sendmail, traceroute) that some people would like to keep from the
"hands of the masses". Lots of setuid programs are like that. Some say
only root should be able to execute them.... Although a "security
question" while installing a system would be nice, this isn't
implemented yet, so you will have to locally configure this the way
you want it.]
yours,
tomppa2
--
--------------------------------------------------------------------------
Tommi Rintala Computer Center, University of Vaasa Finland
e-mail: t2r@Cc.UWasa.Fi http://www.uwasa.fi/~t2r
--------------------------------------------------------------------------