[127] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Geoffrey Bennett)
Sun Mar 12 19:37:25 1995
From: Geoffrey Bennett <geoffrey@tafe.sa.edu.au>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 13 Mar 1995 09:57:24 +1030 (CST)
In-Reply-To: <3juaf3$os6@dhp.com> from "Panzer Boy" at Mar 12, 95 03:13:23 am
Reply-To: linux-security@tarsier.cv.nrao.edu
[mod: quoting trimmed --okir]
> *** /bin/login doesn't need to suid root, as it should for the most part
> only be called by root owned procs. ping for icmp. passwd stuff for
> access to restricted shells.
/bin/login should be suid root, in case someone wants to exec login,
I thought?
> Those are mine, though if someone notices something that shouldn't be as
> it is, please email me... :)
>
> Also remember anything run from rc files will be run as root, and
> anything run from inetd will be also.
No, inetd.conf specifies which user each server should be run as.
Regards,
--
___
/ __
\___|eoffrey D. Bennett!-) geoffrey@tafe.sa.edu.au
