From owner-freebsd-security Wed Aug 1 17:29:51 2001
To: Brian Somers
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: RELEASE 4.3 -> RELENG_4_3: SUCCESSFULLY but ...
In-Reply-To: <200108020005.f7205A811423@hak.lan.Awfulhak.org>; from brian@Awfulhak.org on "Thu, 02 Aug 2001 01:05:10 +0100"
Date: Wed, 01 Aug 2001 17:29:30 -0700
From: Dima Dorfman
Message-Id: <20010802002935.327E73E28@bazooka.unixfreak.org>

Brian Somers writes:
> $ ls -lo /bin/* /usr/bin/* /sbin/* /usr/sbin/* /usr/libexec/* | fgrep -w schg
> -r-sr-xr-x  1 root  wheel    schg  348908 Aug  1 07:58 /bin/rcp
> -r-x------  1 root  wheel    schg  382188 Aug  1 08:10 /sbin/init
> -r-sr-xr-x  6 root  wheel    schg   32612 Aug  1 08:15 /usr/bin/chfn
> -r-sr-xr-x  6 root  wheel    schg   32612 Aug  1 08:15 /usr/bin/chpass
> -r-sr-xr-x  6 root  wheel    schg   32612 Aug  1 08:15 /usr/bin/chsh
> -r-sr-xr-x  1 root  wheel    schg   24936 Jul 26 11:23 /usr/bin/crontab
> -r-sr-xr-x  1 root  wheel    schg   21668 Aug  1 08:15 /usr/bin/login
> -r-sr-xr-x  1 man   wheel    schg   29040 Jul 16 09:07 /usr/bin/man
> -r-sr-xr-x  1 root  wheel    schg    4064 Jul 16 09:15 /usr/bin/opieinfo
> -r-sr-xr-x  1 root  wheel    schg   10692 Jul 16 09:15 /usr/bin/opiepasswd
> -r-sr-xr-x  2 root  wheel    schg   26900 Aug  1 08:16 /usr/bin/passwd
> -r-sr-xr-x  1 root  wheel    schg   10296 Jul 16 09:15 /usr/bin/rlogin
> -r-sr-xr-x  1 root  wheel    schg    7660 Aug  1 08:16 /usr/bin/rsh
> -r-sr-xr-x  1 root  wheel    schg   10456 Aug  1 08:16 /usr/bin/su
> -r-sr-xr-x  6 root  wheel    schg   32612 Aug  1 08:15 /usr/bin/ypchfn
> -r-sr-xr-x  6 root  wheel    schg   32612 Aug  1 08:15 /usr/bin/ypchpass
> -r-sr-xr-x  6 root  wheel    schg   32612 Aug  1 08:15 /usr/bin/ypchsh
> -r-sr-xr-x  2 root  wheel    schg   26900 Aug  1 08:16 /usr/bin/yppasswd
> -r-xr-xr-x  1 root  wheel    schg   85120 Aug  1 08:09 /usr/libexec/ld-elf.so.1
> -r-sr-x---  1 root  network  schg   11256 Jul 16 09:17 /usr/sbin/sliplogin
>
> This just blows my mind. Not only because I can't see (for example) why
> rsh has schg and rshd does not, but also because
>
> $ ls -lod / /bin /usr/bin /sbin /usr /usr/sbin /usr/libexec
> drwxr-xr-x  21 root  wheel  -   512 Aug  1 14:07 /
> drwxr-xr-x   2 root  wheel  -  1024 Aug  1 08:14 /bin
> drwxr-xr-x   2 root  wheel  -  2048 Aug  1 08:11 /sbin
> drwxr-xr-x  26 root  wheel  -   512 Aug  1 07:54 /usr
> drwxr-xr-x   2 root  wheel  -  8192 Aug  1 08:21 /usr/bin
> drwxr-xr-x   8 root  wheel  -  1536 Aug  1 08:21 /usr/libexec
> drwxr-xr-x   2 root  wheel  -  4608 Aug  1 08:21 /usr/sbin
>
> makes the whole thing a joke. Even at a high secure level, to
> replace /sbin/init for example, you can

All but two of the binaries you mentioned are setuid, so I think the
point of schg in this case is to prevent somebody from doing
`cat my_trojan > /bin/rcp` and having my_trojan automatically setuid.
Of course to do that you already have to be root, so the point is kind
of moot. As Kris said, at least it's an anti-foot-shooting measure.
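An audit script in the spirit of this exchange, added here and not written by either poster: it parses ls -lo output in the format quoted above and reports setuid files that lack schg, plus schg files whose parent directory (the gap Brian points at) is not itself schg. The sample listing is constructed from the thread; /sbin carrying schg and the file /usr/bin/example-suid are assumptions made for contrast.

```shell
#!/bin/sh
# Audit an "ls -lo" listing (FreeBSD format, as pasted in the thread):
#   mode links owner group flags size month day time path
# Reports two gaps: a setuid file without schg, and a file with schg
# whose parent directory (also present in the listing) lacks schg.
audit_schg() {
    awk '
    {
        mode = $1; flags = $5; path = $NF
        if (mode ~ /^d/) { dirflags[path] = flags; next }
        files[path] = flags
        # owner-execute position shows s/S when the setuid bit is set
        if (substr(mode, 4, 1) ~ /[sS]/) { setuid[path] = 1 }
    }
    END {
        for (p in files) {
            parent = p; sub(/\/[^\/]*$/, "", parent)
            if (parent == "") { parent = "/" }
            if ((p in setuid) && files[p] !~ /schg/) { print "NOFLAG " p }
            if (files[p] ~ /schg/) {
                if (!(parent in dirflags)) {
                    print "UNKNOWN " p " (" parent " not in listing)"
                } else if (dirflags[parent] !~ /schg/) {
                    print "MUTABLE-DIR " p " (" parent " flags=" dirflags[parent] ")"
                }
            }
        }
    }' | LC_ALL=C sort
}

# Constructed sample in the same format, modelled on the listing in the
# thread (not a live system): /sbin is given schg here for contrast, and
# /usr/bin/example-suid is a hypothetical setuid file without schg.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x 2 root wheel - 1024 Aug 1 08:14 /bin
drwxr-xr-x 2 root wheel schg 2048 Aug 1 08:11 /sbin
drwxr-xr-x 2 root wheel - 8192 Aug 1 08:21 /usr/bin
-r-sr-xr-x 1 root wheel schg 348908 Aug 1 07:58 /bin/rcp
-r-x------ 1 root wheel schg 382188 Aug 1 08:10 /sbin/init
-r-sr-xr-x 1 root wheel schg 10456 Aug 1 08:16 /usr/bin/su
-r-sr-xr-x 1 root wheel - 4096 Aug 1 08:16 /usr/bin/example-suid
EOF
}

# On a live FreeBSD host, feed real output instead:
#   { ls -lod / /bin /sbin /usr/bin; ls -lo /bin/* /sbin/* /usr/bin/*; } | audit_schg
sample_listing | audit_schg
```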