Date: Mon, 24 Feb 1997 11:23:51 -0700
From: Dave Andersen <angio@aros.net>
To: Alex Belits <abelits@phobos.illtel.denver.co.us>
Cc: hackers@freebsd.org
Subject: Re: disallow setuid root shells?
Message-ID: <199702241823.LAA27302@fluffy.aros.net>

[CC: list trimmed]

> IMHO adding "anti-setuid" code into shell will help, but that help won't
> be worth the effort of typing "setuid(getuid());" and recompiling the shell
> -- it only makes one more step required to get the same result unless the
> system is stripped down until becoming completely useless (but stripped
> down until becoming completely useless system isn't vulnerable to most of
> known security bugs anyway).

I disagree. It's a small thing, and very easy to get around, but it would
help reduce the number of break-ins by people who don't understand what
they're doing aside from running this program-thingy that someone gave them.

I freely admit that most of these people will be using widely published
exploit code, and that almost any vigilant sysadmin won't be vulnerable to
them -- but not everybody is anal about keeping their computer up to date
and secure.

Forgive me for sounding political, but if even one or two computers are
prevented from having a root compromise by this, it seems worthwhile -
especially since nobody can think of anything it would actually hurt.

-Dave