[89] in linux-security and linux-alert archive
Re: Secure setup for file transfer
daemon@ATHENA.MIT.EDU (Rik Faith)
Thu Mar 9 22:36:50 1995
Date: Thu, 9 Mar 1995 21:44:00 -0500
From: Rik Faith <faith@cs.unc.edu>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: [Elias Levy <elias@power.net>] Thu 9 Mar 1995 15:11:26 -0800
CC: faith@cs.unc.edu, elias@power.net
Reply-To: linux-security@tarsier.cv.nrao.edu
On Thu 9 Mar 1995 15:11:26 -0800,
Elias Levy <elias@power.net> wrote:
> SuperProbe, X, SVGAlib, and other programs shuld not be run setuid root.
> This allows anyone telneted into the system to screw up your console.
> root should install these programs, and if your logged in the console as
> someone other than root you should have permissions to start X, etc.
> Therefore the setuid bit in this programs are usually not needed.
Can you explain this? X must run as root to get access to the underlying
hardware (e.g., via the iopl(2) or ioperm(2) calls). Are you using a
suid'd wrapper to check for a console login in order to get X running as
root without using the setuid bit on the X binary itself? This seems like
a bit of overprotectivity to me. If I'm logged in at the console (not
running X), and someone starts X, I can just switch VC's.
Just a note on tty security in general. I haven't had my tty "screwed up"
by someone in over 10 years -- and I really don't see this issue as a big
security risk. In general, it is very hard to prevent denial of service
attacks under unix, especially when any user can use up all the available
memory or many of the process slots on the machine. Maybe people are
seeing these sorts of attacks in undergraduate computing environments or
some other special situations? Maybe sysadmins in those situations should
implement better social controls and disciplinary actions. I know that if
someone in our academic computing environment tried this juvenile tty crap,
they'd hear from several sysadmins, a few professors, and a bunch of
students: this type of antisocial behavior would simply not be tolerated.
I'm mostly concerned with attacks that will allow an ordinary user to
become root; or that will allow a non-user to gain access to my system or
its files (e.g., network attacks).
