From owner-freebsd-security  Sun Aug  3 12:13:55 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA10063
          for security-outgoing; Sun, 3 Aug 1997 12:13:55 -0700 (PDT)
Received: from netrail.net (netrail.net [205.215.10.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA10058
          for <security@FreeBSD.ORG>; Sun, 3 Aug 1997 12:13:52 -0700 (PDT)
Received: from localhost (jonz@localhost)
	by netrail.net (8.8.6/8.8.6) with SMTP id PAA19881;
	Sun, 3 Aug 1997 15:13:06 GMT
Date: Sun, 3 Aug 1997 15:13:06 +0000 (GMT)
From: "Jonathan A. Zdziarski" <jonz@netrail.net>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
cc: security@FreeBSD.ORG
Subject: Re: setuid shutdown? 
In-Reply-To: <2950.870634971@time.cdrom.com>
Message-ID: <Pine.BSF.3.95q.970803151150.18721A-100000@netrail.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Yes I did check it out before reporting it I'm not an idiot.  Perhaps it
was set that way by somebody else before I took over the position, either
way I noticed they were all globally executable.  I'm glad that it's not
the default of the installation.


-------------------------------------------------------------------------
Jonathan A. Zdziarski                                NetRail Incorporated
Server Engineering Manager                    230 Peachtree St. Suite 500
jonz@netrail.net                                        Atlanta, GA 30303
http://www.netrail.net                                    (888) - NETRAIL
------------------------------------------------------------------------- 

On Sun, 3 Aug 1997, Jordan K. Hubbard wrote:

:> I just realized that my version of freebsd 2.2.2 installs with a
:> set-uid-root shutdown command allowing anybody who wants to to shutdown or
:> reboot the server.  Obviously I removed the bits, and got rid of the
:
:Uh, no, that's not correct.  Shutdown's permissions, as installed in
:2.2.2, are:
:
:-r-sr-x---  1 root  operator  139264 Jul 15 02:08 /sbin/shutdown
:
:Joe User *cannot* shut the system down because Joe user can't even
:execute the damn thing.
:
:Did you actually CHECK this before you sent this bug report in? :-)
:
:> Also: I noticed that 2.2.2 installs /usr/bin/perl (4) and a setuid root
:> version of it as well (found this out when I noticed that adduser and
:> rmuser are perl and not c).  If I'm not mistaken 4 has some major security
:> problems with setuid perl, no?
:
:You need to read the CERT advisories - a patch for this has existed for
:ages now.
:
:					Jordan
: