From owner-freebsd-security  Thu Mar 28 12:19: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39])
	by hub.freebsd.org (Postfix) with ESMTP id 4582F37B41A
	for <security@FreeBSD.ORG>; Thu, 28 Mar 2002 12:18:51 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020328201851.YTIW2951.rwcrmhc53.attbi.com@blossom.cjclark.org>;
          Thu, 28 Mar 2002 20:18:51 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g2SKIob98240;
	Thu, 28 Mar 2002 12:18:50 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 28 Mar 2002 12:18:50 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Jason Stone <jason-fbsd-security@shalott.net>
Cc: security@FreeBSD.ORG
Subject: Re: make world and setuid bits
Message-ID: <20020328121850.D97841@blossom.cjclark.org>
References: <20020328131303.F98036-100000@axis.tdd.lt> <20020328043119.V5333-100000@walter>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020328043119.V5333-100000@walter>; from jason-fbsd-security@shalott.net on Thu, Mar 28, 2002 at 04:40:31AM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Mar 28, 2002 at 04:40:31AM -0800, Jason Stone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Are there make variables that can be set to prevent "make world" from
> installing binaries as setuid?  Currently, I always run something like
> "find -perms -4000 | xargs chmod u-s" after doing a make world, but this
> seems inelegant, prone to human error, and dangerous as there's a
> (potentially quite long) period in which there are still many setuid
> binaries....
> 
> make options to allow the prevention of "setuid root", "all setuid",
> or "all setuid and all setgid" would be nice.

For the vast majority of users, having no setuid binaries is a really,
really bad idea from a security standpoint. It forces you to do
everything as root.

If this is a policy on some machine somewhere, I don't that there is
much of a window of vulnerability. During the installation of the new
binaries, the system would be out of normal service. The system should
be isolated from potentially hostile users.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message