Date: Mon, 1 Nov 1999 14:36:32 +1100
From: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
To: Spidey <beaupran@iro.umontreal.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Examining FBSD set[ug]ids and their use
Message-ID: <99Nov1.143118est.40332@border.alcanet.com.au>
In-Reply-To: <14364.64172.638014.558487@anarcat.dyndns.org>
References: <14364.64172.638014.558487@anarcat.dyndns.org>
On 1999-Nov-01 13:27:56 +1100, Spidey wrote:
>I started 'compiling' some info about the use of the setuid and setgid
>files in FreeBSD.

An excellent idea.  Note that some of the files you specify are ports.

As a general rule, anything that is setgid kmem should be converted to
a new sysctl with an unprivileged task to access it.

># Allow users to see processes? Users cannot see the 'STARTED' and
># 'TIME' columns, from ps aux... I don't want to dig much more..
> ps gname=kmem mode=2555

I believe it's necessary for users to see other users' processes.  The
information should probably be available via /proc instead.

># I don't have a ccd... I can't test this.
> ccdconfig gname=kmem

Probably unnecessary.  No-one but root needs to be able to run ccdconfig.

># Allow users to dump on remote (see dump(1), the BUGS section)
> dump gname=tty
> rdump gname=tty
> restore gname=tty
> rrestore gname=tty

As I recall it, this is to allow dump/restore to write to the console
(and wake up the operator) when it needs feeding.

># Allow users to bind on a socket (which? where?)
> ping mode=4555

Needed to allow ordinary mortals to send raw IP (ICMP) packets.

># Allow users to consult routing tables
> route mode=4555

Needed to allow ordinary mortals to access the routing socket.  This is
probably another sysctl candidate.

># ????? Look what's here?!
> Xwrapper mode=4711

This is a wrapper for the X-server.  The idea is that Xwrapper is
slightly smaller :-) and less subject to security holes.

># Allow users to read master.passwd, skeykeys and probably other
># things...
> login

Necessary to allow users to log in as another user.

># Allow users to read the mail queue
># Again, this is part of the sendmail suite and _can_ be replaced :)
> mailq

Hard link to newaliases and sendmail.  Only needs root for local mail
delivery in the absence of a setuid local delivery agent.  (It's fairly
trivial to sandbox sendmail).

># Allow users to use the catman cache
                                 ^^^ update
> man uname=man

># Allow users to 'read' /etc/master.passwd
> su

Actually it's to allow users to change their uid.

># I never understood what uucp was....
>/set mode=4555 uname=uucp gname=wheel
> uucp
> uuname
> uustat gname=dialer mode=6555
> uux

UUCP lives in its own sandbox.

># "Gaming" management
> dm

All games live in their own group for sandboxing.

># This is the sendmail super-program that does everything. Get rid of
># it, install postfix.. :)

Religious comments don't belong in a file being touted as a part of
generic FreeBSD.

Peter
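The list Spidey is compiling uses mtree(8)-style lines ("ps gname=kmem mode=2555", with "/set" fixing defaults for the lines that follow). As an added example that is not part of the thread or of FreeBSD, the script below parses that format, flags each entry by the privilege it hands to unprivileged callers (setuid root, setgid kmem as a sysctl candidate per Peter's rule, and set[ug]id files writable by anyone but the owner), and can diff the baseline against a live directory tree so a new or changed set[ug]id file stands out. SAMPLE_SPEC, the function names and the "/set uname=root gname=wheel" default line are constructed for this example; the "/set" and "/unset" handling follows mtree(8).

```python
"""Audit set[ug]id binaries against an mtree(8)-style baseline.

Added example, not code from the original thread or from FreeBSD.
"""
import grp
import os
import pwd
import stat
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of the list quoted in the thread.  The
# leading /set line is an assumption: real mtree specs set root/wheel first.
SAMPLE_SPEC = """\
/set uname=root gname=wheel
ps gname=kmem mode=2555
ccdconfig gname=kmem mode=2555
ping mode=4555
route mode=4555
Xwrapper mode=4711
# UUCP section, copied from the thread
/set mode=4555 uname=uucp gname=wheel
uucp
uuname
uustat gname=dialer mode=6555
uux
"""


@dataclass(frozen=True)
class Entry:
    name: str
    uname: Optional[str]
    gname: Optional[str]
    mode: Optional[int]  # numeric, e.g. 0o4555; None if the spec omits it


def parse_spec(text: str) -> List[Entry]:
    """Parse spec lines; '/set' fixes defaults for later lines, '/unset' clears them."""
    defaults: Dict[str, str] = {}
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        kv = {k: v for k, _, v in (f.partition("=") for f in fields[1:]) if v}
        if fields[0] == "/set":
            defaults.update(kv)
        elif fields[0] == "/unset":
            for k in fields[1:]:
                defaults.pop(k, None)
        else:
            attrs = {**defaults, **kv}  # explicit keywords override /set defaults
            mode = int(attrs["mode"], 8) if "mode" in attrs else None
            entries.append(Entry(fields[0], attrs.get("uname"), attrs.get("gname"), mode))
    return entries


def classify(e: Entry) -> List[str]:
    """Flag what privilege an entry hands to unprivileged callers."""
    if e.mode is None:
        return ["mode unknown"]
    flags: List[str] = []
    if e.mode & stat.S_ISUID:
        flags.append(f"setuid {e.uname or '?'}")
    if e.mode & stat.S_ISGID:
        flags.append(f"setgid {e.gname or '?'}")
        if e.gname == "kmem":
            flags.append("kmem reader: sysctl candidate")  # Peter's general rule
    if e.mode & (stat.S_IWGRP | stat.S_IWOTH):
        flags.append("writable by non-owner")  # nobody should be able to edit a set[ug]id file
    return flags


def audit(text: str) -> Dict[str, List[str]]:
    return {e.name: classify(e) for e in parse_spec(text)}


def scan_tree(root: str) -> List[Entry]:
    """Build the same kind of entries from a live tree (names relative to root)."""
    found: List[Entry] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            st = os.lstat(path)  # lstat: a symlink's own bits never matter
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                uname = pwd.getpwuid(st.st_uid).pw_name
            except KeyError:
                uname = str(st.st_uid)
            try:
                gname = grp.getgrgid(st.st_gid).gr_name
            except KeyError:
                gname = str(st.st_gid)
            found.append(Entry(os.path.relpath(path, root), uname, gname, stat.S_IMODE(st.st_mode)))
    return sorted(found, key=lambda e: e.name)


def drift(baseline: List[Entry], live: List[Entry]) -> Dict[str, List[str]]:
    """Report set[ug]id files absent from the baseline, changed, or missing."""
    base = {e.name: e for e in baseline}
    out: Dict[str, List[str]] = {"unexpected": [], "changed": [], "missing": []}
    for e in live:
        b = base.get(e.name)
        if b is None:
            out["unexpected"].append(e.name)
        elif (b.uname, b.gname, b.mode) != (e.uname, e.gname, e.mode):
            out["changed"].append(e.name)
    out["missing"] = sorted(set(base) - {e.name for e in live})
    return out


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: audit.py baseline.spec /usr/bin
        with open(sys.argv[1]) as fh:
            baseline = parse_spec(fh.read())
        for kind, names in drift(baseline, scan_tree(sys.argv[2])).items():
            print(f"{kind}: {', '.join(names) or '-'}")
    else:
        for name, flags in audit(SAMPLE_SPEC).items():
            print(f"{name:10} {', '.join(flags) or '-'}")
```

Run without arguments to see the sample classified; with a spec file and a directory it reports files that are set[ug]id on disk but not in the baseline, entries whose owner, group or mode no longer match, and baseline entries that have gone. The baseline names are relative to the scanned directory, so a spec written for /usr/bin is checked against /usr/bin.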