From owner-freebsd-questions@FreeBSD.ORG Sat Jul 26 10:19:55 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 98DC737B401 for ; Sat, 26 Jul 2003 10:19:55 -0700 (PDT) Received: from ns.pro.sk (proxy.pro.sk [195.80.161.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id C7B6343F93 for ; Sat, 26 Jul 2003 10:19:53 -0700 (PDT) (envelope-from prosa@pro.sk) Received: from peter (Peter [192.168.1.53]) by ns.pro.sk (8.11.3/8.11.3) with SMTP id h6QHJqE99260 for ; Sat, 26 Jul 2003 19:19:52 +0200 (CEST) (envelope-from prosa@pro.sk) Message-ID: <00aa01c3539a$0ddd9400$3501a8c0@pro.sk> From: "Peter Rosa" To: "FreeBSD Questions" References: <00a201c35398$ed1de680$3501a8c0@pro.sk> Date: Sat, 26 Jul 2003 19:19:21 +0200 Organization: PRO, s.r.o. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Subject: Re: suid bit files and securing FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2003 17:19:55 -0000 Sorry for disturbing you. This was for security mailing list and I sent it here by mistake Cheers, Peter Rosa ----- Original Message ----- From: "Peter Rosa" To: "FreeBSD Questions" Sent: Saturday, July 26, 2003 7:11 PM Subject: suid bit files and securing FreeBSD > Hello everybody, > > I'm a newbie in this list, so I don't know if it's the appropriate place > for my question. Anyway, I'd be happy to find out the solution. > > Please, has anyone simple answer for: > > I'm looking for an exact list of files, which: > 1. MUST have... > 2. HAVE FROM BSD INSTALLATION... > 3. DO NOT NEED... > 4. NEVER MAY... > ...the suid-bit set. > > Of course, it's no problem to find-out which files ALREADY HAS > suid-bit set. But what files REALLY MUST have it ? > I know generalities, as e.g. shell should never have suid bit set, > but what if someone has copied any shell to some other location > and have set the suid bit ? It's security hole, isn't it ? > And what if I have more such files on my machine ? > It is not about my machine has been compromited, it is only WHAT IF... > > -------------------------------------------- > > Second question is: Has anybody an exact wizard, how to secure > the FreeBSD machine. Imagine the situation, the only person who > can do anything on that machine is me, and nobody other. I have > set very restrictive firewalling, I have removed ALL tty's except > two local tty's (I need to work on that machine), but there are > still open port 25 and 53 (must be forever), so someone very > tricky can compromite my machine. > > I'm a little bit paranoic, don't I :-))))))) > > Cheers, > > Peter Rosa > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >