[3415] in bugtraq
More HP vulnerabilities?
daemon@ATHENA.MIT.EDU (Lionel Cons)
Thu Oct 3 13:26:03 1996
Date: Thu, 3 Oct 1996 11:57:45 +0200
Reply-To: Lionel Cons <Lionel.Cons@cern.ch>
From: Lionel Cons <cons@mail.cern.ch>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Following the latest mails about sysdiag or other components of HP-UX,
I searched all the setuid programs on a recently installed HP-UX 10.10
system. You'll find the complete list below my signature.
Why so many sysadmin programs are setuid root? I don't want "normal"
users to manipulate volume groups (vg*), logical volumes (lv*),
install software on the machine (sw*), play with the network (nfsstat,
lanadmin, lanscan...)... Why is lp is setuid root while other printer
commands are setuid lp? Why is fpkg2swpkg (a program to translate
files) setuid root?
It seems that a HUGE cleanup of setuid programs is needed...
_____________________________________________
Lionel Cons http://wwwcn.cern.ch/~cons
CERN http://www.cern.ch
# find /bin /sbin /usr/bin /usr/sbin -perm -04000 -exec ll {} \;
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvcreate
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgcreate
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvcreate
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgcfgbackup
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvchange
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvdisplay
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvextend
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvlnboot
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvreduce
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvremove
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvrmboot
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvchange
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvdisplay
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvmove
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgcfgrestore
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgchange
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgdisplay
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgexport
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgextend
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgimport
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgreduce
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgremove
-r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgscan
-r-sr-xr-x 1 root bin 495616 Feb 23 1996 /sbin/passwd
-r-sr-xr-x 1 root bin 315392 Feb 23 1996 /sbin/shutdown
-r-sr-xr-x 1 root bin 49152 Feb 23 1996 /usr/bin/mediainit
-r-sr-xr-x 1 root bin 20480 Feb 23 1996 /usr/bin/bdf
-r-sr-xr-x 1 root bin 28672 Nov 6 1995 /usr/bin/rcp
-r-sr-xr-x 1 root bin 20480 Nov 6 1995 /usr/bin/nfsstat
-r-sr-xr-x 1 root bin 40960 Mar 15 1996 /usr/bin/at
-r-sr-xr-x 1 root bin 20480 Feb 23 1996 /usr/bin/crontab
-r-sr-sr-x 2 root mail 36864 Feb 23 1996 /usr/bin/mail
-r-sr-sr-x 2 root mail 36864 Feb 23 1996 /usr/bin/rmail
-r-sr-xr-x 1 root bin 16384 Feb 23 1996 /usr/bin/chfn
-r-sr-xr-x 1 root bin 16384 Feb 23 1996 /usr/bin/chsh
-r-sr-xr-x 1 root bin 12288 Feb 23 1996 /usr/bin/newgrp
-r-sr-xr-x 1 root bin 24576 Feb 23 1996 /usr/bin/dcnodes
-r-sr-xr-x 1 root bin 45056 Jan 3 1996 /usr/bin/df
-r-sr-xr-x 1 root bin 102400 Feb 23 1996 /usr/bin/passwd
-r-sr-xr-x 1 root bin 20480 Feb 23 1996 /usr/bin/su
-r-sr-xr-x 1 root bin 73728 Nov 6 1995 /usr/bin/ppl
-r-sr-xr-x 1 root bin 65536 May 2 00:33 /usr/bin/rdist
-r-sr-xr-x 1 root bin 16384 Mar 15 1996 /usr/bin/remsh
-r-sr-xr-x 1 root bin 24576 Nov 6 1995 /usr/bin/rlogin
-r-sr-xr-x 1 root bin 16384 Nov 6 1995 /usr/bin/rexec
-r-sr-sr-x 1 root sys 233472 Nov 18 1995 /usr/bin/X11/hpterm
-r-sr-xr-x 1 root bin 221184 Nov 18 1995 /usr/bin/X11/xterm
lr-sr-xr-t 1 root sys 31 Sep 9 11:29 /usr/bin/X11/gwind -> /opt/graphics/common/lbin/gwind
-r-sr-xr-x 1 lp bin 32768 Nov 6 1995 /usr/bin/cancel
-r-sr-xr-x 1 lp bin 20480 Nov 6 1995 /usr/bin/disable
-r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/bin/enable
-r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/bin/lp
-r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/bin/lpalt
-r-sr-xr-x 1 lp bin 36864 Nov 6 1995 /usr/bin/lpstat
-r-sr-xr-x 1 lp bin 12288 Nov 6 1995 /usr/bin/slp
-r-sr-xr-x 1 root bin 45056 Nov 6 1995 /usr/bin/ct
-r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/bin/cu
-r-sr-sr-x 1 bin daemon 499712 Nov 6 1995 /usr/bin/kermit
lr-sr-xr-t 1 root sys 17 Sep 9 11:29 /usr/bin/landiag -> /usr/sbin/landiag
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swinstall
-r-sr-xr-x 2 root bin 733184 Nov 16 1995 /usr/sbin/swpackage
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swacl
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swconfig
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swcopy
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swlist
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swremove
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swverify
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swreg
-r-sr-xr-x 2 root bin 733184 Nov 16 1995 /usr/sbin/swmodify
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvchange
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvcreate
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvdisplay
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvextend
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvlnboot
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvreduce
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvremove
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvrmboot
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvchange
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvcreate
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvdisplay
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvmove
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgcfgbackup
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgcfgrestore
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgchange
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgcreate
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgdisplay
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgexport
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgextend
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgimport
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgreduce
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgscan
-r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgremove
-r-sr-xr-x 1 root bin 12288 Nov 6 1995 /usr/sbin/vhe/vhe_u_mnt
-r-sr-xr-x 1 root bin 12288 Nov 6 1995 /usr/sbin/acct/accton
-r-sr-xr-x 1 root bin 12288 Nov 6 1995 /usr/sbin/keyenvoy
-r-sr-xr-x 1 root sys 53248 Mar 27 1996 /usr/sbin/lanadmin
-r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/sbin/lanscan
-r-sr-xr-x 1 root sys 36864 Mar 27 1996 /usr/sbin/linkloop
-r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/sbin/landiag
-r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/sbin/arp
-r-sr-xr-x 1 root bin 24576 Nov 6 1995 /usr/sbin/ping
-r-sr-sr-x 1 root mail 176128 Apr 4 00:39 /usr/sbin/sendmail
-r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/sbin/accept
-r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/sbin/lpadmin
-r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/sbin/lpfence
-r-sr-xr-x 1 lp bin 20480 Nov 6 1995 /usr/sbin/lpmove
-r-sr-xr-x 1 root bin 45056 Nov 6 1995 /usr/sbin/lpsched
-r-sr-xr-x 1 lp bin 12288 Nov 6 1995 /usr/sbin/lpshut
-r-sr-xr-x 1 root bin 24576 Nov 6 1995 /usr/sbin/rcancel
-r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/sbin/reject
-r-sr-xr-- 1 root lp 24576 Nov 6 1995 /usr/sbin/rlp
-r-sr-xr-x 1 root bin 53248 Nov 6 1995 /usr/sbin/rlpdaemon
-r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/sbin/rlpstat
-r-sr-xr-x 1 root bin 446464 Nov 9 1995 /usr/sbin/diag/DUI
-r-sr-xr-x 1 root bin 57344 Nov 16 1995 /usr/sbin/fpkg2swpkg
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/sd
-r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swjob
-r-sr-xr-x 1 root bin 19 Nov 9 1995 /usr/sbin/sysdiag
-r-sr-xr-x 1 root bin 61440 Nov 9 1995 /usr/sbin/suplicen
