[111] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sat Mar 11 19:17:53 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Sun, 12 Mar 1995 00:44:09 +0100 (MET)
In-Reply-To: <m0rnYXw-000EWrC@distrib.com> from "Andrew Cromarty" at Mar 11, 95 01:18:00 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
Andrew Cromarty wrote:
> As one example, it would be
> straightforward to construct an expert system to manage Linux security,
> if we could simply codify the specification knowledge. In short, what
> would be better than "cops plus a these-files-should-be-SUID list"?
I second that (although I doubt that it would be straightforward). There
are a couple of holes in common Linux distributions that simply result from
wrong permission settings. I came across some particularly nasty ones in
Slackware 2.0 (not sure about the number) which had world-writable home
directories for uucp and mail (.rhosts attack), and had the suid bit set on
uuchk and uuconv (uuchk being suid to uucp is bad because it lets anyone
read all your UUCP passwords).
Any such checking tool would have to be clever about the software packages
present (e.g. telling INN from C News), and look for them in different
places. It'd also be nice if it was able to automatically construct a
tripwire configuration file for a particular installation.
Anyone got some spare time on their hands? :-)
Cheers
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
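
Added example (not part of the original message or any tool it mentions): a minimal sketch of the "these-files-should-be-SUID list" check the thread asks for, combined with a check for world-writable home directories like the uucp and mail ones described above. The allowlist contents, file paths, home directories and passwd entries are all constructed for the demonstration.

```python
import os
import stat
import tempfile

# Assumption: site-maintained allowlist of expected setuid paths, relative to the scan root.
ALLOWED_SUID = {"usr/bin/passwd"}

def audit_suid(root, allowed=ALLOWED_SUID):
    """Return sorted relative paths of setuid/setgid regular files not in `allowed`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                rel = os.path.relpath(path, root)
                if rel not in allowed:
                    findings.append(rel)
    return sorted(findings)

def audit_homes(passwd_text, root="/"):
    """Return sorted (user, home) pairs whose home directory is world-writable."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:  # skip malformed or comment lines
            path = os.path.join(root, fields[5].lstrip("/"))
            if os.path.isdir(path) and os.stat(path).st_mode & stat.S_IWOTH:
                findings.append((fields[0], fields[5]))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample tree; all paths and passwd entries are made up for the demo."""
    root = tempfile.mkdtemp(prefix="suid-audit-")
    files = [("usr/bin/passwd", 0o4755), ("usr/lib/uucp/uuchk", 0o4755), ("usr/bin/ls", 0o755)]
    for rel, mode in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for rel, mode in [("var/spool/uucp", 0o777), ("var/spool/mail", 0o777), ("root", 0o700)]:
        os.makedirs(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)
    passwd = ("root:x:0:0::/root:/bin/sh\nuucp:x:10:14::/var/spool/uucp:/bin/sh\n"
              "mail:x:8:12::/var/spool/mail:/bin/sh\n")
    return root, passwd

if __name__ == "__main__":
    demo_root, demo_passwd = build_demo_tree()
    print(audit_suid(demo_root), audit_homes(demo_passwd, demo_root))
```

On a live system, pass the real filesystem root and the contents of /etc/passwd; the allowlist has to be built per installation, which is the package-awareness problem the message raises.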