Date: Mon, 28 Jul 1997 16:04:51 -0400 (EDT) From: Adam Shostack <adam@homeport.org> To: vince@mail.MCESTATE.COM (Vincent Poy) Cc: langfod@dihelix.com, security@FreeBSD.ORG, mario1@PrimeNet.Com, johnnyu@accessus.net Subject: Re: security hole in FreeBSD Message-ID: <199707282004.QAA07078@homeport.org> In-Reply-To: <Pine.BSF.3.95.970728122545.3844j-100000@mail.MCESTATE.COM> from Vincent Poy at "Jul 28, 97 12:29:43 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Vincent Poy wrote:
| =)My suggestion to you would be to get a clean source tree, recompile everything
| =)and install tripwire.
|
| I'll do that as soon as the machine comes back up. I heard that
| suid programs can be a problem too but which ones are required to be suid?
su really should be setuid. Everything else is debatable. My
advice is to turn off all setuid bits except those you know you need
(possibly w, who, ps, ping, at, passwd)
find / -xdev -perm -4000 -ok chmod u-s {} \;
find /usr -xdev -perm -4000 -ok chmod u-s {} \;
find / -xdev -perm -2000 -ok chmod g-s {} \;
find /usr -xdev -perm -2000 -ok chmod g-s {} \;
# The semicolons are part of the line
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707282004.QAA07078>