[2390] in linux-security and linux-alert archive
[linux-security] rh62 suid files
daemon@ATHENA.MIT.EDU (Martin Macok)
Fri Jul 28 03:18:54 2000
Date: Thu, 27 Jul 2000 20:38:48 +0200
From: Martin Macok <martin.macok@underground.cz>
To: linux-security@redhat.com
Message-ID: <20000727203848.B2882@localhost>
Mail-Followup-To: linux-security@redhat.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="oLBj+sq0vYjzfsbl"
Content-Disposition: inline
Resent-From: linux-security@redhat.com
--oLBj+sq0vYjzfsbl
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi,
I believe having less root setuid binaries on system is The Way ...
so:
Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These
are for sysadmins, not for regular users I hope.
Is /sbin/unix_chkpwd really used and what is it used for? I haven't find
anything about it in pam documentation.
Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does
anybody really use them on Linux? Maybe these should be extras ... (maybe
they are needed by POSIX or something similar).
What is /usr/bin/sperl5.00503 (suidperl) being used for? Why this doesn't
have a manpage? Is it necessary?
According to glibc documentation /usr/libexec/pt_chown doesn't need to be
setuid nor is not used at all on RH6.2 (see /usr/doc/glibc-2.1.3/INSTALL),
why does RH6.2 ships it setuid root?
Does /sbin/netreport need root setgid bit? I could not find it being used
somewhere by regular users for any good reasons ...
Have a nice day
--=20
< Martin Ma=E8ok martin.macok@underground.cz <iso-8859-2>=
=20
\\. http://kocour.ms.mff.cuni.cz/~macok/ http://underground.cz/ .//
\\\.. .-=3D t.r.u.s.t n.0 o.n.e =3D-. ..///
--oLBj+sq0vYjzfsbl
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5gIG39uSLtLrzBfMRAq6cAJ9yYSytRVh7gGxT3ympDynho2KVkACfVbN7
ACUbzqwog6Jr87gJ2GuWjjY=
=PI0R
-----END PGP SIGNATURE-----
--oLBj+sq0vYjzfsbl--
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
