From owner-freebsd-hackers Mon Feb 24 12:46:14 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA16674 for hackers-outgoing; Mon, 24 Feb 1997 12:46:14 -0800 (PST)
Received: from lightside.com (hamby1.lightside.net [207.67.176.17]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id MAA16240; Mon, 24 Feb 1997 12:38:10 -0800 (PST)
Received: by lightside.com (SMI-8.6/SMI-SVR4) id MAA00577; Mon, 24 Feb 1997 12:38:23 -0800
Date: Mon, 24 Feb 1997 12:38:23 -0800
From: jehamby@lightside.com (Jake Hamby)
Message-Id: <199702242038.MAA00577@lightside.com>
To: abelits@phobos.illtel.denver.co.us, angio@aros.net
Subject: Re: disallow setuid root shells?
Cc: hackers@freebsd.org, auditors@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-MD5: oUESNdzLuXs5Zh+91tyILQ==
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[auditors added back to CC: list]

> > IMHO adding "anti-setuid" code into the shell will help, but that help won't
> > be worth the effort of typing "setuid(getuid());" and recompiling the shell
> > -- it only makes one more step required to get the same result unless the
> > system is stripped down until becoming completely useless (but a system
> > stripped down until becoming completely useless isn't vulnerable to most of
> > the known security bugs anyway).
>
> I disagree. It's a small thing, and very easy to get around, but
> it would help reduce the number of break-ins by people who don't
> understand what they're doing aside from running this program-thingy
> that someone gave them.
>
> I freely admit that most of these people will be using widely
> published exploit code, and that almost any vigilant sysadmin won't
> be vulnerable to them -- but not everybody is anal about keeping their
> computer up to date and secure. Forgive me for sounding political,
> but if even one or two computers are prevented from having a root
> compromise by this, it seems worthwhile - especially since nobody
> can think of anything it would actually hurt.

My sentiments exactly! I would think that if there were a valid reason for
setuid root shells, then a commercial OS like Solaris would probably allow
them (since paying customers often would rather have functionality than
security!). While of course this will only protect against the lamest of
system crackers, there really is no compelling reason NOT to do it, and if
only one or two computers are saved by this, it's worthwhile (hmm, that
seems to be exactly what you said, isn't it :)

-- Jake
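The "anti-setuid" startup check the thread is arguing about, written out as an added illustration that is not code from this thread or from any FreeBSD shell: when the shell finds its effective ids differ from its real ids (the state a setuid-root copy of the shell starts in), it drops back to the real ids and verifies the drop before running anything. The function names are assumed; the pure `ids_mismatch` helper exists only so the decision can be tested without a setuid binary.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check: do the real and effective ids disagree?  Kept separate from
 * the syscalls so the decision itself can be exercised in a plain process. */
int ids_mismatch(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    return uid != euid || gid != egid;
}

/* Hypothetical shell-startup hook (assumed name).  Returns 0 when the shell
 * was started normally, 1 when it was started setuid/setgid and the extra
 * privilege has been dropped, and -1 when the drop failed, in which case the
 * caller should exit rather than run with mixed ids. */
int drop_privs_if_setuid(void)
{
    uid_t uid = getuid(), euid = geteuid();
    gid_t gid = getgid(), egid = getegid();

    if (!ids_mismatch(uid, euid, gid, egid))
        return 0;

    /* Group first: once the effective uid is no longer 0, a setgid() to a
     * different group would be refused. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Never assume the drop worked.  For euid 0, setuid() sets real,
     * effective and saved ids; for a non-root setuid target some systems
     * leave the saved id behind, so re-read what the kernel reports. */
    if (geteuid() != uid || getegid() != gid)
        return -1;
    return 1;
}

int main(void)
{
    int rc = drop_privs_if_setuid();
    if (rc < 0) {
        fprintf(stderr, "refusing to run: could not drop privileges\n");
        return 1;
    }
    printf("%s\n", rc ? "started setuid: privileges dropped" : "not setuid");
    return 0;
}
```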