Date: Sun, 3 Aug 1997 10:05:45 +0000 (GMT) From: "Jonathan A. Zdziarski" <jonz@netrail.net> To: security@freebsd.org Subject: setuid shutdown? Message-ID: <Pine.BSF.3.95q.970803100305.4197B-100000@netrail.net>
next in thread | raw e-mail | index | archive | help
I just realized that my version of freebsd 2.2.2 installs with a set-uid-root shutdown command allowing anybody who wants to to shutdown or reboot the server. Obviously I removed the bits, and got rid of the problem, but you might all want to check that. I currently have sudo installed, and am able to unsuid quite a few other programs and run them under sudo (which logs nicely what my employees are doing too). Also: I noticed that 2.2.2 installs /usr/bin/perl (4) and a setuid root version of it as well (found this out when I noticed that adduser and rmuser are perl and not c). If I'm not mistaken 4 has some major security problems with setuid perl, no? ------------------------------------------------------------------------- Jonathan A. Zdziarski NetRail Incorporated Server Engineering Manager 230 Peachtree St. Suite 500 jonz@netrail.net Atlanta, GA 30303 http://www.netrail.net (888) - NETRAIL -------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970803100305.4197B-100000>