[124] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Sun Mar 12 15:50:13 1995
Date: Sun, 12 Mar 1995 15:03:27 -0500
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: linux-security@tarsier.cv.nrao.edu
Cc: �.~@cais.cais.com
Reply-To: linux-security@tarsier.cv.nrao.edu
panzer@dhp.com (Panzer Boy) wrote:
> Andrew Cromarty (andy@distrib.com) wrote:
> : 1. What's a good Linux-specific spec for file permissions ...
> Well. Here's my output. ...
Curious. I note that a number of the programs Matt's scan found are
setuid-something AND setgid-something. When I've checked programs
like that in the past, one or the other has almost always turned out
to be superfluous. I haven't done a scan like that on Linux yet.
[Somehow, it's a lot easier to find time to do things like that when
you're being paid to do them - <wry grin>.] I wonder whether that's
the case with many of these?
Joe Yao jsdy@cais.com - Joseph S. D. Yao
