[1120] in linux-security and linux-alert archive
Re: [linux-security] Suid Programs / Help Wanted
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Fri Aug 30 19:58:49 1996
To: linux-security@tarsier.cv.nrao.edu
Cc: Net-Thing Security <security@shell.net-thing.net>
In-reply-to: Your message of "Tue, 27 Aug 1996 00:53:10 EDT."
<Pine.LNX.3.91.960827001611.1826A-100000@shell.net-thing.net>
Date: Tue, 27 Aug 1996 15:17:10 -0400
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
> With all the problems about Suid programs, I just -s all but 3 of
> them like sendmail none of my 300 users even noticed. So why does everyone
> else seem to need them Suid?
Just because none of your users noticed does not mean that all the programs
work fine. Let's see.
sendmail - should be setuid to root if used as MTA
su - better be setuid-to-root :)
passwd - setuid to owner of a password file
chfn - setuid to owner of a password file
chsh - setuid to owner of a password file
rlogin - setuid to root
rsh - setuid to root
ping - setuid to root
and a lot of others
> If someone needs Suid programs how about some home made wrapper
> program or script that runs them in a secure manner? would that work?
Yes, if you know how to write such a wrapper in a secure manner.
> I have a question unrelated:
>
> Is there any way to tell if a logged in user has a Euid=0 shell but
> everything else is the same as his normal login.
Yes, it is possible if you hack the source of a shell.
> If there is how about a
> daemon that checks users and freezes the login of any euiders=0 or ones
> that get to uid=0 shell and add their ip to hosts.deny.
From the top of my head that creates race conditions.
> How about an automatic expert security program that keeps a watch
> over all logins.
And what are the conditions of "abuse" that this program should detect?
> Another Question:
>
> Is there a bug in the slackware 1.2.13
There is no Slackware 1.2.13
> login that can let an intruder
> get a root shell even with no valid login account?
No, this bug was in early SYSV login and it required knowledge of an account
name.
> Wanted security consultant anyone reading this that knows all
> past and present Slackware bugs/holes and possibly Irix 5.3 exploits reply
> with hourly rate and experience.
This is a joke, right?
Best wishes,
Alex
============================================================================
Alexander O. Yuriev Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA
.... Go WAR! The Network Security Wargames are coming
KeyID: 1024/D62D4489 Key Fingerprint: AE84534377CCC4E2 37B13C4D8CD3D501
Unless otherwise stated, everything above is my personal opinion and not an
opinion of any organisation affiliated with me.
=============================================================================
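
Added example, not part of the original message: a small audit that checks a directory tree against the list of programs the reply says need the set-uid bit. The function names and the use of that list as an allowlist are assumptions made here; adjust the list to the programs your own system relies on.

```shell
#!/bin/sh
# Program names taken from the list in the message above (assumed allowlist).
EXPECTED_SUID="sendmail su passwd chfn chsh rlogin rsh ping"

# audit_suid DIR...
# Print every set-uid regular file under DIR, marked "expected" when its
# name is on the list and "REVIEW" when it is not.
audit_suid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        name=${path##*/}                      # strip the directory part
        case " $EXPECTED_SUID " in
            *" $name "*) printf 'expected %s\n' "$path" ;;
            *)           printf 'REVIEW   %s\n' "$path" ;;
        esac
    done
}

# missing_suid DIR...
# Print listed programs that exist under DIR but have lost the set-uid
# bit, which is the state left behind by a blanket "chmod -s".
missing_suid() {
    for name in $EXPECTED_SUID; do
        find "$@" -xdev -type f -name "$name" ! -perm -4000 2>/dev/null
    done | sort
}

# When run with directories as arguments, report both views.
if [ "$#" -gt 0 ]; then
    audit_suid "$@"
    missing_suid "$@" | sed 's/^/MISSING  /'
fi
```

Run it as, for example, `sh audit.sh /bin /usr/bin /usr/sbin`; REVIEW lines are set-uid files outside the list, MISSING lines are listed programs without the bit.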