From owner-freebsd-security Sun Aug 3 12:03:25 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA09375 for security-outgoing; Sun, 3 Aug 1997 12:03:25 -0700 (PDT) Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA09368 for ; Sun, 3 Aug 1997 12:03:20 -0700 (PDT) Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.6/8.6.9) with ESMTP id MAA02954; Sun, 3 Aug 1997 12:02:51 -0700 (PDT) To: "Jonathan A. Zdziarski" cc: security@FreeBSD.ORG Subject: Re: setuid shutdown? In-reply-to: Your message of "Sun, 03 Aug 1997 10:05:45 -0000." Date: Sun, 03 Aug 1997 12:02:51 -0700 Message-ID: <2950.870634971@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > I just realized that my version of freebsd 2.2.2 installs with a > set-uid-root shutdown command allowing anybody who wants to to shutdown or > reboot the server. Obviously I removed the bits, and got rid of the Uh, no, that's not correct. Shutdown's permissions, as installed in 2.2.2, are: -r-sr-x--- 1 root operator 139264 Jul 15 02:08 /sbin/shutdown Joe User *cannot* shut the system down because Joe user can't even execute the damn thing. Did you actually CHECK this before you sent this bug report in? :-) > Also: I noticed that 2.2.2 installs /usr/bin/perl (4) and a setuid root > version of it as well (found this out when I noticed that adduser and > rmuser are perl and not c). If I'm not mistaken 4 has some major security > problems with setuid perl, no? You need to read the CERT advisories - a patch for this has existed for ages now. Jordan