Date:      Thu, 28 Mar 2002 16:37:54 -0800 (PST)
From:      Jason Stone <jason-fbsd-security@shalott.net>
To:        <security@FreeBSD.ORG>
Subject:   Re: make world and setuid bits
Message-ID:  <20020328161518.R5333-100000@walter>
In-Reply-To: <20020328121850.D97841@blossom.cjclark.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > Are there make variables that can be set to prevent "make world" from
> > installing binaries as setuid?  Currently, I always run something like
> > "find / -perm -4000 | xargs chmod u-s" after doing a make world, but this
> > seems inelegant, prone to human error, and dangerous as there's a
> > (potentially quite long) period in which there are still many setuid
> > binaries....
> >
> > make options to allow the prevention of "setuid root", "all setuid",
> > or "all setuid and all setgid" would be nice.
>
> For the vast majority of users, having no setuid binaries is a really,
> really bad idea from a security standpoint. It forces you to do
> everything as root.

1) For server machines that have no non-root interactive users, the
   "no setuid or setgid at all" option is a very good idea.

2) Even on machines that do have interactive users, there are many
   environments where it's possible to turn off most of the setuid root
   bits - I see no reason to let users on a shared machine run ping or
   traceroute, rsh/rlogin should never be used at all, I can get away with
   not providing crontab, most servers don't have printers attached and
   therefore have no use for lpr, etc.

So, given that there's decidedly some utility in doing this, is there any
reason to not do so?


 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE8o7dnswXMWWtptckRAu4NAKDrXhbtaSAXA5RmdFGi4Uo6WlIAgwCfR1Pb
ezlNsLJfYjpxvoCvAS4HiUc=
=h1lp
-----END PGP SIGNATURE-----
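
The post-install cleanup discussed in this thread, sketched as an allowlist audit. This is an added example, not part of the original message or of FreeBSD's build system; the function name `audit_setid` and the allowlist file format (one absolute path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# audit_setid ROOT ALLOWLIST [strip]
#   Prints every regular file under ROOT that carries the setuid or setgid
#   bit and is NOT listed in ALLOWLIST (hypothetical format: one absolute
#   path per line). With "strip" as the third argument the bits are also
#   removed from those files; the default mode only reports.
audit_setid() {
    root=$1 allow=$2 mode=${3:-report}
    # -xdev keeps the walk on one filesystem. "-exec ... {} +" hands the
    # names to the inner shell as arguments, so paths containing spaces
    # or newlines are not split the way "find | xargs" would split them.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec sh -c '
            allow=$1 mode=$2
            shift 2
            for f in "$@"; do
                # Compare line by line instead of using grep -F: a file
                # name with an embedded newline can never equal a single
                # allowlist line, so it cannot smuggle in a match.
                listed=no
                while IFS= read -r line; do
                    if [ "$line" = "$f" ]; then listed=yes; fi
                done < "$allow"
                if [ "$listed" = yes ]; then continue; fi
                printf "%s\n" "$f"
                if [ "$mode" = strip ]; then
                    chmod u-s,g-s -- "$f"
                fi
            done
        ' sh "$allow" "$mode" {} +
}

# Typical use after an install (paths are placeholders):
#   audit_setid / /path/to/setid.allow          # review what would change
#   audit_setid / /path/to/setid.allow strip    # then remove the bits
```

Running the report mode first and diffing its output between upgrades also shows when an install has reintroduced a setuid or setgid binary.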

