[135] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Elias Levy)
Mon Mar 13 01:22:12 1995
Date: Sun, 12 Mar 1995 16:15:50 -0800 (PST)
From: Elias Levy <elias@power.net>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <3juaf3$os6@dhp.com>
Reply-To: linux-security@tarsier.cv.nrao.edu
On 12 Mar 1995, Panzer Boy wrote:
> *** Procmail, Screen, and tin (suid news)
> -rwsr-sr-x 1 root mail 41988 Aug 12 1994 /usr2/local/bin/procmail
> -rwsr-xr-x 1 root root 144388 May 6 1994 /usr2/local/bin/screen
> -rwsr-sr-x 1 news news 222212 Aug 12 1994 /usr2/local/bin/tin
You can escape any command from within tin with !. So you must disable shell
escapes. The way I like it better is to run inn or other and run tin -r
with no suid bit. (Remember to set the nnrpd.hosts file correctly of curse)
> *** To allow the program to initiate connections from lower ports, though
> I for the most part don't see why this needs to be done.
> -r-sr-xr-x 1 root bin 13316 Feb 12 1994 /usr/bin/rlogin
> -r-sr-xr-x 1 root bin 9220 Feb 12 1994 /usr/bin/rsh
> -r-sr-xr-x 1 root root 5584 Feb 2 1994 /usr/bin/traceroute
I belibe traceroute is suid for the same reason than ping (icmp)
> -Matt (panzer@dhp.com) DI-1-9026
> "That which can never be enforced should not be prohibited."
elias@power.net (Elias Levy)
PowerNet, Inc.
--
[Mod: Along the lines of my earier comment, let's please also not beat
to death the merits/dangers of suid/sgid settings on every program that
commonly has them. It's a never-ending debate, and often depends
largely on local factors (for good or ill). --Jeff.]
