From owner-freebsd-security Sun Aug 3 12:13:55 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA10063 for security-outgoing; Sun, 3 Aug 1997 12:13:55 -0700 (PDT) Received: from netrail.net (netrail.net [205.215.10.3]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA10058 for ; Sun, 3 Aug 1997 12:13:52 -0700 (PDT) Received: from localhost (jonz@localhost) by netrail.net (8.8.6/8.8.6) with SMTP id PAA19881; Sun, 3 Aug 1997 15:13:06 GMT Date: Sun, 3 Aug 1997 15:13:06 +0000 (GMT) From: "Jonathan A. Zdziarski" To: "Jordan K. Hubbard" cc: security@FreeBSD.ORG Subject: Re: setuid shutdown? In-Reply-To: <2950.870634971@time.cdrom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Yes I did check it out before reporting it I'm not an idiot. Perhaps it was set that way by somebody else before I took over the position, either way I noticed they were all globally executable. I'm glad that it's not the default of the installation. ------------------------------------------------------------------------- Jonathan A. Zdziarski NetRail Incorporated Server Engineering Manager 230 Peachtree St. Suite 500 jonz@netrail.net Atlanta, GA 30303 http://www.netrail.net (888) - NETRAIL ------------------------------------------------------------------------- On Sun, 3 Aug 1997, Jordan K. Hubbard wrote: :> I just realized that my version of freebsd 2.2.2 installs with a :> set-uid-root shutdown command allowing anybody who wants to to shutdown or :> reboot the server. Obviously I removed the bits, and got rid of the : :Uh, no, that's not correct. Shutdown's permissions, as installed in :2.2.2, are: : :-r-sr-x--- 1 root operator 139264 Jul 15 02:08 /sbin/shutdown : :Joe User *cannot* shut the system down because Joe user can't even :execute the damn thing. : :Did you actually CHECK this before you sent this bug report in? :-) : :> Also: I noticed that 2.2.2 installs /usr/bin/perl (4) and a setuid root :> version of it as well (found this out when I noticed that adduser and :> rmuser are perl and not c). If I'm not mistaken 4 has some major security :> problems with setuid perl, no? : :You need to read the CERT advisories - a patch for this has existed for :ages now. : : Jordan :