[125] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Panzer Boy)
Sun Mar 12 19:27:20 1995
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Panzer Boy)
Date: 12 Mar 1995 15:37:12 -0500
Reply-To: linux-security@tarsier.cv.nrao.edu
R.E.Wolff@et.tudelft.nl wrote:
: > *** Procmail, Screen, and tin (suid news)
: > -rwsr-sr-x 1 news news 222212 Aug 12 1994 /usr2/local/bin/tin
: I wouldn't trust "tin".
It's suid NEWS, not root. Though indirectly you can get root from that.
I know. Get news, modify rc.news file, run by root... :) This was
originally run as root so that I could have it create index files; as
this is no longer needed (I have news locally), tin is no longer suid root.
: > *** System utils that mod files in restricted space
: > -rwsr-xr-x 1 root root 17412 May 6 1994 /usr/bin/chfn
: > -rwsr-xr-x 1 root root 13316 May 6 1994 /usr/bin/chsh
: I'd group these with "passwd".
I don't have a group passwd, don't see the use other than convenience.
: for your information: the "rule" is that slackware comes with a clean
: /usr/local. All that ends up there is yours.....
Kinda strange way to do it, since half of slackware is made up of things
that should be in /usr/local/bin. Again, this is personal taste, so
whatever people like. :)
: rlogin tells the other side "this user is called wolff, can you let him
: in". If you allow rlogind to accept this from any port, any user could
: write a new rlogin program that pretends to be anyone
The whole "r" program problem is always a pain. If you have a local
cluster of machines you run, you want people to be able to rsh back and
forth around them and not worry about having to type their passwords
again. Though you want to prevent any attempt at doing this from the
outside including if these users have + + in their .rhosts file due to
some "mistake".
--
-Matt (panzer@dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."
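
A defender's check for the `+ +` entries in `.rhosts` that the message above mentions, as an added example that is not part of the original post. The function name `audit_rhosts`, the host names and the sample file contents are constructed for illustration.

```python
import sys

# Constructed sample .rhosts contents (not taken from the post).
SAMPLE_RHOSTS = """\
# trusted cluster hosts
alpha.cluster.example wolff
beta.cluster.example
+ +
+ panzer
gamma.cluster.example +
+@admins
-badhost.example
"""


def audit_rhosts(text):
    """Return (line_no, entry, reason) for each wildcard trust entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-") or user.startswith("-"):
            continue  # explicit deny entry, not a grant
        # Only a bare "+" is a wildcard; "+@group" names a netgroup.
        if host == "+" and user == "+":
            reason = "any user from any host"
        elif host == "+":
            reason = "any host"
        elif user == "+":
            reason = "any remote user on this host"
        else:
            continue
        findings.append((line_no, line, reason))
    return findings


if __name__ == "__main__":
    # With no arguments, audit the constructed sample; otherwise audit files.
    paths = sys.argv[1:]
    sources = [(p, open(p).read()) for p in paths] or [("<sample>", SAMPLE_RHOSTS)]
    for name, text in sources:
        for line_no, entry, reason in audit_rhosts(text):
            print(f"{name}:{line_no}: {entry!r} trusts {reason}")
```

Pass the paths of the `.rhosts` files to audit as arguments; with none, it runs on the constructed sample.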