Date:      Wed, 01 Aug 2001 17:29:30 -0700
From:      Dima Dorfman <dima@unixfreak.org>
To:        Brian Somers <brian@Awfulhak.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: RELEASE 4.3 -> RELENG_4_3: SUCCESSFULLY but ... 
Message-ID:  <20010802002935.327E73E28@bazooka.unixfreak.org>
In-Reply-To: <200108020005.f7205A811423@hak.lan.Awfulhak.org>; from brian@Awfulhak.org on "Thu, 02 Aug 2001 01:05:10 +0100"

Brian Somers <brian@Awfulhak.org> writes:
> $ ls -lo /bin/* /usr/bin/* /sbin/* /usr/sbin/* /usr/libexec/* | fgrep -w schg
> -r-sr-xr-x   1 root  wheel     schg  348908 Aug  1 07:58 /bin/rcp
> -r-x------   1 root  wheel     schg  382188 Aug  1 08:10 /sbin/init
> -r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/chfn
> -r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/chpass
> -r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/chsh
> -r-sr-xr-x   1 root  wheel     schg   24936 Jul 26 11:23 /usr/bin/crontab
> -r-sr-xr-x   1 root  wheel     schg   21668 Aug  1 08:15 /usr/bin/login
> -r-sr-xr-x   1 man   wheel     schg   29040 Jul 16 09:07 /usr/bin/man
> -r-sr-xr-x   1 root  wheel     schg    4064 Jul 16 09:15 /usr/bin/opieinfo
> -r-sr-xr-x   1 root  wheel     schg   10692 Jul 16 09:15 /usr/bin/opiepasswd
> -r-sr-xr-x   2 root  wheel     schg   26900 Aug  1 08:16 /usr/bin/passwd
> -r-sr-xr-x   1 root  wheel     schg   10296 Jul 16 09:15 /usr/bin/rlogin
> -r-sr-xr-x   1 root  wheel     schg    7660 Aug  1 08:16 /usr/bin/rsh
> -r-sr-xr-x   1 root  wheel     schg   10456 Aug  1 08:16 /usr/bin/su
> -r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/ypchfn
> -r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/ypchpass
> -r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/ypchsh
> -r-sr-xr-x   2 root  wheel     schg   26900 Aug  1 08:16 /usr/bin/yppasswd
> -r-xr-xr-x   1 root  wheel     schg   85120 Aug  1 08:09 /usr/libexec/ld-elf.so.1
> -r-sr-x---   1 root  network   schg   11256 Jul 16 09:17 /usr/sbin/sliplogin
> 
> This just blows my mind.  Not only because I can't see (for example) why 
> rsh has schg and rshd does not, but also because
> 
> $ ls -lod / /bin /usr/bin /sbin /usr /usr/sbin /usr/libexec
> drwxr-xr-x  21 root  wheel  -  512 Aug  1 14:07 /
> drwxr-xr-x   2 root  wheel  - 1024 Aug  1 08:14 /bin
> drwxr-xr-x   2 root  wheel  - 2048 Aug  1 08:11 /sbin
> drwxr-xr-x  26 root  wheel  -  512 Aug  1 07:54 /usr
> drwxr-xr-x   2 root  wheel  - 8192 Aug  1 08:21 /usr/bin
> drwxr-xr-x   8 root  wheel  - 1536 Aug  1 08:21 /usr/libexec
> drwxr-xr-x   2 root  wheel  - 4608 Aug  1 08:21 /usr/sbin
> 
> makes the whole thing a joke.  Even at a high secure level, to 
> replace /sbin/init for example, you can

All but two of the binaries you mentioned are setuid, so I think the
point of schg in this case is to prevent somebody from doing
`cat my_trojan > /bin/rcp` and having my_trojan automatically setuid.  Of
course, to do that you already have to be root, so the point is kind
of moot.  As Kris said, at least it's an anti-foot-shooting measure.
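
Added example, not part of the original message or of FreeBSD: the comparison the two messages turn on, scripted as a parser for `ls -lo` output that reports, for each schg file, whether it is set-id and whether its directory carries schg as well. The sample lines are copied from the listings quoted above; the function names are this example's own.

```python
import posixpath

# Sample input: a few lines copied from the `ls -lo` listings quoted above.
FILES = """\
-r-sr-xr-x   1 root  wheel     schg  348908 Aug  1 07:58 /bin/rcp
-r-x------   1 root  wheel     schg  382188 Aug  1 08:10 /sbin/init
-r-sr-xr-x   1 root  wheel     schg   10456 Aug  1 08:16 /usr/bin/su
-r-xr-xr-x   1 root  wheel     schg   85120 Aug  1 08:09 /usr/libexec/ld-elf.so.1
-r-sr-x---   1 root  network   schg   11256 Jul 16 09:17 /usr/sbin/sliplogin
"""
DIRS = """\
drwxr-xr-x   2 root  wheel  - 1024 Aug  1 08:14 /bin
drwxr-xr-x   2 root  wheel  - 2048 Aug  1 08:11 /sbin
drwxr-xr-x   2 root  wheel  - 8192 Aug  1 08:21 /usr/bin
drwxr-xr-x   8 root  wheel  - 1536 Aug  1 08:21 /usr/libexec
drwxr-xr-x   2 root  wheel  - 4608 Aug  1 08:21 /usr/sbin
"""

def parse(listing):
    """Map path -> (mode string, set of file flags) for `ls -lo` lines."""
    entries = {}
    for line in listing.splitlines():
        # Fields: mode links owner group flags size month day time path
        f = line.split(None, 9)
        if len(f) != 10:
            continue
        # ls prints "-" for no flags, otherwise a comma-separated list.
        flags = set() if f[4] == "-" else set(f[4].split(","))
        entries[f[9]] = (f[0], flags)
    return entries

def audit(files, dirs):
    """For each schg file: is it set-id, and is its directory schg too?"""
    report = []
    for path, (mode, flags) in sorted(files.items()):
        if "schg" not in flags:
            continue
        setid = mode[3] in "sS" or mode[6] in "sS"  # setuid or setgid bit
        _, dflags = dirs.get(posixpath.dirname(path), ("", set()))
        report.append((path, setid, "schg" in dflags))
    return report

def run_sample():
    return audit(parse(FILES), parse(DIRS))

if __name__ == "__main__":
    for path, setid, dir_locked in run_sample():
        print(f"{path:28} setid={setid!s:5} dir_schg={dir_locked}")
```

On a live system, feed `parse()` the output of the same two `ls -lo` and `ls -lod` commands shown in the quoted message.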
