From owner-freebsd-security Wed Aug 11 15: 7:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from secure.smtp.email.msn.com (secure.smtp.email.msn.com [207.46.181.28])
    by hub.freebsd.org (Postfix) with ESMTP id 0CA91155F2
    for ; Wed, 11 Aug 1999 15:07:08 -0700 (PDT)
    (envelope-from JHowie@msn.com)
Received: from JHowie - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC;
    Wed, 11 Aug 1999 15:07:04 -0700
Message-ID: <013701bee446$e05a98f0$fe01a8c0@pacbell.net>
From: "John Howie"
To: "Andrey E. Lerman" ,
Subject: Fw: info on suid/sgid files
Date: Wed, 11 Aug 1999 15:14:27 -0700
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andrey wrote:

> I did a quick search for suid/sgid files on our server's hd
> and found a lot. I really didn't expect so many. I removed
> bits on about 80% of them without any visible (yet) impact to
> the system's operation. So I'm wondering, where to find info about
> what these suid/sgid bits were for and what I lose removing
> them. Some of the progs I chmod'ed really amazed me, for example
> quota, df, ps, dump, restore, shutdown...

Many of those programs require privileges to access kernel memory, the raw
hard disk, etc. Ordinary users will not have the necessary permissions to
access these parts of the OS, hence the SUID bit. Many system administrators
freak out but the reality is that these utilities rarely (but not never)
expose a risk to system security. While the truly paranoid might remove the
SUID bit, it is often unnecessary and can cause legitimate, non-root users
problems when they want to see what is running on the system, what their
disk quota usage is, etc.

You mentioned that you found these on your server. I am assuming that this
is a file and print server.
If your users cannot access this system interactively, either at the console
or over the network by disabling the telnet and r* daemons, then you have
very little to worry about. I, personally, would not remove them from
workstations.

john...
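
The question in the thread (what each suid/sgid bit grants, and what is lost by removing it) can be answered from an inventory taken before any chmod. The script below is an added example, not part of the original message or of FreeBSD; the function names and the baseline path in the comments are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original thread.

# suid_inventory DIR...
# One tab-separated line per setuid/setgid file: mode, identity granted, path.
# Assumes file names contain no newlines.
suid_inventory() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # ls -ld columns: mode, link count, owner, group, ...
        ls -ld -- "$f" | {
            read -r mode links owner group rest
            grants=
            # 4th mode character is s/S when setuid is set, 7th when setgid is set.
            case $mode in ???[sS]*) grants="uid=$owner" ;; esac
            case $mode in ??????[sS]*) grants="${grants:+$grants,}gid=$group" ;; esac
            printf '%s\t%s\t%s\n' "$mode" "$grants" "$f"
        }
    done
}

# suid_changes BASELINE DIR...
# Diffs the current inventory against a saved one.
# "- " lines were in the baseline but are gone or changed (e.g. after chmod u-s);
# "+ " lines are new or changed since the baseline was taken.
suid_changes() {
    baseline=$1; shift
    old=$(mktemp) && new=$(mktemp) || return 1
    LC_ALL=C sort "$baseline" > "$old"
    suid_inventory "$@" | LC_ALL=C sort > "$new"
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'
    rm -f "$old" "$new"
}

# Typical use (paths are illustrative):
#   suid_inventory / /usr /var > /var/db/suid.baseline   # before changing any bits
#   suid_changes /var/db/suid.baseline / /usr /var       # afterwards, or from cron
```

The second column shows whose privilege a caller borrows (a gid= entry means a group only, not root), and the "- " lines record the exact mode to restore if a removed bit turns out to be needed. Because of -xdev, find stays on the filesystems named, so list each local mount point.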