From owner-freebsd-security Tue Sep 10 18:25:33 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA28593 for security-outgoing; Tue, 10 Sep 1996 18:25:33 -0700 (PDT)
Received: from scapa.cs.ualberta.ca (root@scapa.cs.ualberta.ca [129.128.4.44]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA28588 for ; Tue, 10 Sep 1996 18:25:31 -0700 (PDT)
Received: from ve6kik by scapa.cs.ualberta.ca with UUCP id <13080-11310>; Tue, 10 Sep 1996 19:25:22 -0600
Received: by ve6kik.ampr.ab.ca (Smail3.1.28.1 #5) id m0v0cUy-000OFNC; Tue, 10 Sep 96 17:45 WET DST
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id RAA13947; Tue, 10 Sep 1996 17:42:38 -0600 (MDT)
Date: Tue, 10 Sep 1996 17:42:38 -0600 (MDT)
From: Marc Slemko
To: John Paul Lonie
cc: freebsd-security@freebsd.org
Subject: Re: suid/sguid files
In-Reply-To: <3.0b11.32.19960910190410.006e4c94@203.4.181.10>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I started putting together a file running through all the setuid files on a default FreeBSD install and making suggestions about what happens if you remove the setuid bit, and what alternatives there are. I hope to finish it up and get around to posting it sometime.

In the meantime, a few comments about a few of the items mentioned.

On Tue, 10 Sep 1996, John Paul Lonie wrote:

> Hello all,
>
> Just wondering what the effect would be on removing the set u/g of
> the following files. Most of these are -s kmem or tty or dialer.
>
> First of all what difference would the kmem ones have on the root user's use
> of these files, I presume nothing but I wouldn't mind being certain.

In general, unless files are setuid something other than root, removing the setuid and setgid bits will not result in any change in behavior when root runs them.

> I suppose the real question is does anything fall over if the kmem /tty
> groups are changed on systems with only the root user.

There should be no systems with only root. Limit your losses; if you aren't running as root all the time, you can't hurt as much. sudo is magic.

> /sbin/dump - why is this tty ? -r-sr-sr-x 1 root tty 188416 Jul 17 03:23
> dump

As someone has already pointed out, it is for use in conjunction with the n option which notifies those in the group operator when it needs attention.

> /usr/bin/login

Setuid can be taken off login as long as you don't need to allow users who are already logged in to login with a different name and password by execing login.

> /usr/bin/su

You probably want to keep su setuid unless you use something like sudo. Never log in as root, use su or sudo.

> /usr/bin/wall Does this affect the shutdown scripts ?

No. shutdown uses wall, but it runs as root anyway so who cares.

> /usr/libexec/mail.local

Removing the setuid bit breaks local mail delivery.
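
The kind of inventory discussed in this message can be scripted. The following is an added example, not part of the original post or of FreeBSD: it walks a directory tree, lists every setuid or setgid regular file, and annotates each one using the rule stated above about when the bits matter to root. The function names `classify` and `scan` and the default path `/usr/bin` are assumptions made for illustration.

```python
import os
import stat
import sys

def classify(mode, uid):
    """Return review notes for one file, given its st_mode and owner uid."""
    notes = []
    if mode & stat.S_ISUID:
        if uid == 0:
            # Root already runs as uid 0, so the bit only helps other users.
            notes.append("setuid root: bit only matters to non-root callers")
        else:
            # Every caller, root included, runs with this owner's euid.
            notes.append("setuid uid %d: also changes what root runs as" % uid)
    if mode & stat.S_ISGID:
        notes.append("setgid: check what the group grants non-root callers")
    return notes

def scan(root):
    """Walk root; return (path, mode string, uid, gid, notes) per set-id file."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            notes = classify(st.st_mode, st.st_uid)
            if notes:
                findings.append((path, stat.filemode(st.st_mode),
                                 st.st_uid, st.st_gid, notes))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed default path; pass another directory as the first argument.
    for path, mode, uid, gid, notes in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        print("%s uid=%d gid=%d %s" % (mode, uid, gid, path))
        for note in notes:
            print("    - " + note)
```

Comparing the saved output between runs shows when a new set-id file appears or an existing one changes owner or group.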