From owner-freebsd-security Sun Aug 3 07:06:30 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA25318 for security-outgoing; Sun, 3 Aug 1997 07:06:30 -0700 (PDT) Received: from netrail.net (netrail.net [205.215.10.3]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA25313 for ; Sun, 3 Aug 1997 07:06:27 -0700 (PDT) Received: from localhost (jonz@localhost) by netrail.net (8.8.6/8.8.6) with SMTP id KAA04700 for ; Sun, 3 Aug 1997 10:05:46 GMT Date: Sun, 3 Aug 1997 10:05:45 +0000 (GMT) From: "Jonathan A. Zdziarski" To: security@freebsd.org Subject: setuid shutdown? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I just realized that my version of freebsd 2.2.2 installs with a set-uid-root shutdown command allowing anybody who wants to to shutdown or reboot the server. Obviously I removed the bits, and got rid of the problem, but you might all want to check that. I currently have sudo installed, and am able to unsuid quite a few other programs and run them under sudo (which logs nicely what my employees are doing too). Also: I noticed that 2.2.2 installs /usr/bin/perl (4) and a setuid root version of it as well (found this out when I noticed that adduser and rmuser are perl and not c). If I'm not mistaken 4 has some major security problems with setuid perl, no? ------------------------------------------------------------------------- Jonathan A. Zdziarski NetRail Incorporated Server Engineering Manager 230 Peachtree St. Suite 500 jonz@netrail.net Atlanta, GA 30303 http://www.netrail.net (888) - NETRAIL -------------------------------------------------------------------------