Date: Wed, 01 Aug 2001 17:29:30 -0700 From: Dima Dorfman <dima@unixfreak.org> To: Brian Somers <brian@Awfulhak.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: RELEASE 4.3 -> RELENG_4_3: SUCCESSFULLY but ... Message-ID: <20010802002935.327E73E28@bazooka.unixfreak.org> In-Reply-To: <200108020005.f7205A811423@hak.lan.Awfulhak.org>; from brian@Awfulhak.org on "Thu, 02 Aug 2001 01:05:10 %2B0100"
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Somers <brian@Awfulhak.org> writes: > $ ls -lo /bin/* /usr/bin/* /sbin/* /usr/sbin/* /usr/libexec/* | fgrep -w schg > -r-sr-xr-x 1 root wheel schg 348908 Aug 1 07:58 /bin/rcp > -r-x------ 1 root wheel schg 382188 Aug 1 08:10 /sbin/init > -r-sr-xr-x 6 root wheel schg 32612 Aug 1 08:15 /usr/bin/chfn > -r-sr-xr-x 6 root wheel schg 32612 Aug 1 08:15 /usr/bin/chpass > -r-sr-xr-x 6 root wheel schg 32612 Aug 1 08:15 /usr/bin/chsh > -r-sr-xr-x 1 root wheel schg 24936 Jul 26 11:23 /usr/bin/crontab > -r-sr-xr-x 1 root wheel schg 21668 Aug 1 08:15 /usr/bin/login > -r-sr-xr-x 1 man wheel schg 29040 Jul 16 09:07 /usr/bin/man > -r-sr-xr-x 1 root wheel schg 4064 Jul 16 09:15 /usr/bin/opieinfo > -r-sr-xr-x 1 root wheel schg 10692 Jul 16 09:15 /usr/bin/opiepasswd > -r-sr-xr-x 2 root wheel schg 26900 Aug 1 08:16 /usr/bin/passwd > -r-sr-xr-x 1 root wheel schg 10296 Jul 16 09:15 /usr/bin/rlogin > -r-sr-xr-x 1 root wheel schg 7660 Aug 1 08:16 /usr/bin/rsh > -r-sr-xr-x 1 root wheel schg 10456 Aug 1 08:16 /usr/bin/su > -r-sr-xr-x 6 root wheel schg 32612 Aug 1 08:15 /usr/bin/ypchfn > -r-sr-xr-x 6 root wheel schg 32612 Aug 1 08:15 /usr/bin/ypchpass > -r-sr-xr-x 6 root wheel schg 32612 Aug 1 08:15 /usr/bin/ypchsh > -r-sr-xr-x 2 root wheel schg 26900 Aug 1 08:16 /usr/bin/yppasswd > -r-xr-xr-x 1 root wheel schg 85120 Aug 1 08:09 /usr/libexec/ld-elf.so.1 > -r-sr-x--- 1 root network schg 11256 Jul 16 09:17 /usr/sbin/sliplogin > > This just blows my mind. Not only because I can't see (for example) why > rsh has schg and rshd does not, but also because > > $ ls -lod / /bin /usr/bin /sbin /usr /usr/sbin /usr/libexec > drwxr-xr-x 21 root wheel - 512 Aug 1 14:07 / > drwxr-xr-x 2 root wheel - 1024 Aug 1 08:14 /bin > drwxr-xr-x 2 root wheel - 2048 Aug 1 08:11 /sbin > drwxr-xr-x 26 root wheel - 512 Aug 1 07:54 /usr > drwxr-xr-x 2 root wheel - 8192 Aug 1 08:21 /usr/bin > drwxr-xr-x 8 root wheel - 1536 Aug 1 08:21 /usr/libexec > drwxr-xr-x 2 root wheel - 4608 Aug 1 08:21 /usr/sbin > > makes the whole thing a joke. Even at a high secure level, to > replace /sbin/init for example, you can All but two of the binaries you mentioned are setuid, so I think the point of schg in this case is to prevent somebody from doing `cat my_trojan > /bin/rcp` and having my_trojan automatically setuid. Of course to do that you already have to be root, so the point is kind of mute. As Kris said, at least it's an anti-foot-shooting measure. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010802002935.327E73E28>