From owner-freebsd-security Mon Jul 28 14:42:53 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id OAA05192 for security-outgoing; Mon, 28 Jul 1997 14:42:53 -0700 (PDT)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA05185 for ; Mon, 28 Jul 1997 14:42:51 -0700 (PDT)
Received: from Jupiter.Mcs.Net (karl@Jupiter.mcs.net [192.160.127.88]) by Kitten.mcs.com (8.8.5/8.8.2) with ESMTP id QAA23991; Mon, 28 Jul 1997 16:42:28 -0500 (CDT)
Received: (from karl@localhost) by Jupiter.Mcs.Net (8.8.5/8.8.2) id QAA16687; Mon, 28 Jul 1997 16:42:28 -0500 (CDT)
Message-ID: <19970728164228.19622@Jupiter.Mcs.Net>
Date: Mon, 28 Jul 1997 16:42:28 -0500
From: Karl Denninger
To: Robert Watson
Cc: Adam Shostack , Vincent Poy , security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
References: <199707282004.QAA07078@homeport.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.64
In-Reply-To: ; from Robert Watson on Mon, Jul 28, 1997 at 04:55:19PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, Jul 28, 1997 at 04:55:19PM -0400, Robert Watson wrote:
> On Mon, 28 Jul 1997, Adam Shostack wrote:
>
> > Vincent Poy wrote:
> >
> > su really should be setuid. Everything else is debatable. My
> > advice is to turn off all setuid bits except those you know you need
> > (possibly w, who, ps, ping, at, passwd)
> >
> > find / -xdev -perm -4000 -ok chmod u-s {} \;
> > find /usr -xdev -perm -4000 -ok chmod u-s {} \;
> > find / -xdev -perm -2000 -ok chmod g-s {} \;
> > find /usr -xdev -perm -2000 -ok chmod g-s {} \;
> > # The semicolons are part of the line
>
> Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc)
> require root access to deliver to local mailboxes; crontab related stuff,
> terminal locking, some kerberos commands, local XWindows servers, and su
> all rely on suid.
>
> What type of secured environment are you hoping to create? If root access
> is only to be used from the console, and shared functions like
> xwindows/mailstuff/user crontab aren't needed, you can probably just
> disable all the suid-root programs, or suid-anything programs. Look also
> at the sgid programs that scan kmem. Ideally, you'd also put the system
> in a higher secure level, and mount all partitions non-suid, as long as
> login kept working :).
>
> Does login require suid, or does gettytab run it as root anyway?
>
> Robert N Watson

If you take the SUID off login it works fine, PROVIDED you don't try to use
it to "re-login" (a rather common thing for Berzerkelyoids to do).

--
--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                             | 99 Analog numbers, 77 ISDN, http://www.mcs.net/
Voice: [+1 312 803-MCS1 x219]| NOW Serving 56kbps DIGITAL on our analog lines!
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
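
A report-only variant of the find/chmod cleanup quoted in this message, added here as an example and not part of the original thread: it prints the chmod command for each setuid or setgid file that is not on a keep list, instead of prompting with -ok. The function names, the keep-list file and the sample tree (including the file names oldgame and kmemtool) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report-only take on the find/chmod cleanup quoted above.
# plan_strip, the keep list and the sample tree are constructed for illustration.

# plan_strip ROOT KEEPFILE
# Print (never run) a chmod command for every setuid or setgid regular file
# under ROOT that is not listed in KEEPFILE (one full path per line).
# -xdev keeps find on ROOT's filesystem, which is why the thread repeats the
# command for /usr. Unlike the quoted commands this looks at regular files
# only (-type f). Paths containing newlines are not handled.
plan_strip() {
    root=$1
    keep=$2
    for spec in 4000:u-s 2000:g-s; do
        bit=${spec%%:*}
        change=${spec##*:}
        find "$root" -xdev -type f -perm "-$bit" -print | sort |
        while IFS= read -r path; do
            grep -Fxq -- "$path" "$keep" || printf 'chmod %s %s\n' "$change" "$path"
        done
    done
}

# demo: build a throwaway tree, mark some files setuid/setgid, keep su and
# passwd, and show what would be stripped.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/usr/bin"
    for f in su passwd oldgame kmemtool plain; do
        : > "$d/usr/bin/$f"
    done
    chmod 4755 "$d/usr/bin/su" "$d/usr/bin/passwd" "$d/usr/bin/oldgame"
    chmod 2755 "$d/usr/bin/kmemtool"
    printf '%s\n' "$d/usr/bin/su" "$d/usr/bin/passwd" > "$d/keep.txt"
    plan_strip "$d" "$d/keep.txt"
    rm -rf "$d"
}

demo
```

On a real system, run plan_strip once per filesystem (for example / and /usr) and review the printed commands before executing any of them.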