From owner-freebsd-hackers Mon Feb 24 14:31:41 1997
Date: Tue, 25 Feb 1997 06:28:21 +0800 (WST)
From: Adrian Chadd
To: auditors@freebsd.org
cc: Julian Elischer, hackers@freebsd.org
Subject: Re: disallow setuid root shells?
In-Reply-To: <1735.856819372@time.cdrom.com>

On Mon, 24 Feb 1997, Jordan K. Hubbard wrote:

> > I think that I like this better. There are many people that use a
> > setuid/setgid shell program to allow access to other programs on the
> > system. At least this was true before sudo and friends.
>
> I could also live with this. I have thought a bit more about
> supporting the exit-on-suid shell hack, and I have to also agree with
> some of the folks who point out that it really *would* violate POLA
> and veer dangerously close to just breaking something in support of
> arbitrary principles rather than good engineering. Feh. This is
> clearly one of those issues with lots of pros-and-cons on either
> side. :-)
>
> How about if we be conservative and just add logging for now? :-)
>

Yep.. that sounds good :)

I thought of the writing-code-to-exec-something, and came up with a mini
shell in a few minutes to do it with (but it was late and I have uni :)

Yes, I like the idea of logging, but then it's done, isn't it? And yes,
quite a hell of a lot of "hackers" nowadays are people learning to do it,
and running your "packaged" exploits. Of course it's not going to work for
"smart" hackers (e.g. ones that hang around these lists) but it's just one
of those nice things we can do and it makes their job just that TAD bit
harder. :)

My idea now stands at logging AND failing (silently), so the non-thinking
hacker would have a greater chance of being picked up.

Post thoughts, feelings, etc, and when I get home this evening I'll do
what the group feels is right. :)

> Jordan
>

Adrian.

Btw - I use sudo a lot - and I've never seen the need for an suid shell
script. Does anyone here? (besides maybe adduser, which is done in perl,
and perl has inbuilt ways to stop people misusing this)