[1120] in linux-security and linux-alert archive


Re: [linux-security] Suid Programs / Help Wanted

daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Fri Aug 30 19:58:49 1996

To: linux-security@tarsier.cv.nrao.edu
Cc: Net-Thing Security <security@shell.net-thing.net>
In-reply-to: Your message of "Tue, 27 Aug 1996 00:53:10 EDT."
             <Pine.LNX.3.91.960827001611.1826A-100000@shell.net-thing.net> 
Date: Tue, 27 Aug 1996 15:17:10 -0400
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>


> With all the problems about Suid programs, I just -s all but 3 of 
> them like sendmail none of my 300 users even noticed. So why does everyone
> else seem to need them Suid?

Just because none of your users noticed does not mean that all the programs
work fine. Let's see. 

sendmail - should be setuid to root if used as MTA
su 	 - better be setuid-to-root :)
passwd	 - setuid to owner of a password file 
chfn	 - setuid to owner of a password file
chsh	 - setuid to owner of a password file
rlogin	 - setuid to root
rsh	 - setuid to root
ping	 - setuid to root

and a lot of others

> If someone needs Suid programs how about some home made wrapper 
> program or script that runs them in a secure manner? would that work?

yes, if you know how to write such a wrapper in a secure manner.

> I have a question unrelated:
> 
> Is there any way to tell if a logged in user has a Euid=0 shell but 
> everything else is the same as his normal login. 

yes, it is possible if you hack the source of a shell. 

> If there is how about a
> daemon that checks users and freezes the login of any euiders=0 or ones 
> that get to uid=0 shell and add their ip to hosts.deny. 

From the top of my head that creates race conditions.

> How about an automatic expert security program that keeps a watch 
> over all logins.

And what are the conditions of "abuse" that this program should detect?

> Another Question: 
> 
> Is there a bug in the slackware 1.2.13

There is no Slackware 1.2.13

> login that can let an intruder 
> get a root shell even with no valid login account?

No, this bug was in early SYSV login and it required knowledge of account
name.

> Wanted security consultant anyone reading this that knows all 
> past and present Slackware bugs/holes and possibly Irix 5.3 exploits reply
> with hourly rate and experience. 

This is a joke, right?


Best wishes,
Alex

============================================================================
Alexander O. Yuriev		            Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY   WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA	 	

            .... Go WAR! The Network Security Wargames are coming 
			
 KeyID: 1024/D62D4489 Key Fingerprint: AE84534377CCC4E2  37B13C4D8CD3D501 

Unless otherwise stated, everything above is my personal opinion and not an
               opinion of any organisation affiliated with me.
=============================================================================
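
The check below is an added example, not part of the original message: it audits a directory tree against the list of setuid programs given in the reply, flagging listed programs whose bit has been stripped, listed programs with the wrong owner, and setuid files that are not on the list. The table `EXPECTED`, the function names, matching by file name only, and the `/usr/bin` scan root are assumptions made for the illustration.

```python
import os
import stat

# The reply's list as written: program name -> who it should be setuid to.
# "root" is uid 0; "pwfile" is whoever owns the password file.
# (The reply qualifies sendmail: setuid root only "if used as MTA".)
EXPECTED = {
    "sendmail": "root", "su": "root", "rlogin": "root", "rsh": "root",
    "ping": "root", "passwd": "pwfile", "chfn": "pwfile", "chsh": "pwfile",
}

def scan(root):
    """Yield (path, st_mode, st_uid) for every regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)      # lstat: never follow symlinks
            except OSError:
                continue                 # vanished or unreadable, skip it
            if stat.S_ISREG(st.st_mode):
                yield path, st.st_mode, st.st_uid

def audit(entries, pwfile_uid=0):
    """Return a sorted list of (finding, path) for the given file entries."""
    findings = []
    for path, mode, uid in entries:
        want = EXPECTED.get(os.path.basename(path))
        is_suid = bool(mode & stat.S_ISUID)
        if want is None:
            if is_suid:                  # setuid file that is not on the list
                findings.append(("unexpected-setuid", path))
            continue
        want_uid = 0 if want == "root" else pwfile_uid
        if not is_suid:                  # listed program lost its bit
            findings.append(("bit-stripped", path))
        elif uid != want_uid:            # setuid, but to the wrong account
            findings.append(("wrong-owner", path))
    return sorted(findings)

if __name__ == "__main__":
    pw_uid = os.stat("/etc/passwd").st_uid   # owner of the password file
    for kind, path in audit(scan("/usr/bin"), pw_uid):
        print(f"{kind:18} {path}")
```

A `bit-stripped` finding is the case the reply warns about: the program is still installed and nobody has complained, but it can no longer do the privileged part of its job.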
