From owner-freebsd-security Thu Dec 16 11:32:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id B5AFE14D66 for ; Thu, 16 Dec 1999 11:32:22 -0800 (PST) (envelope-from mike@sentex.net)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id OAA07631 for ; Thu, 16 Dec 1999 14:32:17 -0500 (EST) (envelope-from mike@sentex.net)
Message-Id: <3.0.5.32.19991216143031.0192ae30@staff.sentex.ca>
X-Sender: mdtpop@staff.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Thu, 16 Dec 1999 14:30:31 -0500
To: freebsd-security@FreeBSD.ORG
From: Mike Tancsa
Subject: setuid revisited (was Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) )
In-Reply-To: <14425.12637.308602.637788@anarcat.dyndns.org>
References: <14425.12035.757889.422296@anarcat.dyndns.org> <199912160615.XAA69151@harmony.village.org> <199912161828.LAA72864@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:37 PM 12/16/99 -0500, Spidey wrote:
>Yes. Since I've been looking at setuid's on FBSD, my primary concern's
>been with the ports. I wished there could be some way to have a
>variable in the Makefiles that say "NOSETUID=YES". :))

Even the main tree seems a bit permissive for some applications (in my case, an ISP). There are a few things I disable each time I make world on my shell and web server. What would be the best way to automate this and give other people an easy way to disable unrestricted access easily to potentially dangerous programs? e.g.
looking through /var/log/setuid.today some of the files that look like a candidate for chmod o-x are

-r-xr-sr-x 1 root kmem 100148 Dec 14 00:02:03 1999 /sbin/ccdconfig
-r-xr-sr-x 2 root tty 221752 Dec 14 00:02:05 1999 /sbin/dump
-r-xr-sr-x 2 root tty 221752 Dec 14 00:02:05 1999 /sbin/rdump
-r-xr-sr-x 2 root tty 244920 Dec 14 00:02:20 1999 /sbin/restore
-r-sr-xr-x 1 root wheel 153760 Dec 14 00:02:21 1999 /sbin/route
-r-xr-sr-x 2 root tty 244920 Dec 14 00:02:20 1999 /sbin/rrestore
-r-sr-xr-x 5 root wheel 290448 Dec 14 00:04:32 1999 /usr/bin/hoststat
-r-sr-sr-x 1 root daemon 18064 Dec 14 00:04:12 1999 /usr/bin/lpq
-r-sr-sr-x 1 root daemon 20864 Dec 14 00:04:12 1999 /usr/bin/lpr
-r-sr-sr-x 1 root daemon 17624 Dec 14 00:04:13 1999 /usr/bin/lprm
-r-s--x--x 1 root wheel 47448 Apr 26 00:34:25 1999 /usr/bin/sperl5.00502
-r-s--x--x 2 root wheel 47472 Dec 14 00:01:28 1999 /usr/bin/sperl5.00503
-r-s--x--x 2 root wheel 47472 Dec 14 00:01:28 1999 /usr/bin/suidperl
-r-xr-sr-x 1 root kmem 52424 Dec 14 00:03:47 1999 /usr/bin/systat
-r-xr-sr-x 1 root kmem 14536 Dec 14 00:03:54 1999 /usr/bin/vmstat
-r-xr-sr-x 2 root kmem 10576 Dec 14 00:03:54 1999 /usr/bin/w
-r-xr-sr-x 1 root tty 8108 Dec 14 00:03:54 1999 /usr/bin/wall
-r-xr-sr-x 1 root games 6188 Dec 13 23:59:52 1999 /usr/games/dm
-rwxr-sr-x 1 root kmem 88160 Mar 18 21:39:54 1999 /usr/local/sbin/lsof
-r-xr-sr-x 1 root kmem 9472 Dec 14 00:04:09 1999 /usr/sbin/iostat
-r-xr-sr-x 1 root daemon 23968 Dec 14 00:04:12 1999 /usr/sbin/lpc
-r-sr-xr-x 1 root wheel 14528 Dec 14 00:04:15 1999 /usr/sbin/mrinfo
-r-sr-xr-x 1 root wheel 27528 Dec 14 00:04:15 1999 /usr/sbin/mtrace
-r-xr-sr-x 2 root kmem 13184 Dec 14 00:04:20 1999 /usr/sbin/pstat
-r-sr-xr-x 5 root wheel 290448 Dec 14 00:04:32 1999 /usr/sbin/purgestat
-r-sr-x--- 1 root network 9768 Dec 14 00:04:22 1999 /usr/sbin/sliplogin
-r-xr-sr-x 2 root kmem 13184 Dec 14 00:04:20 1999 /usr/sbin/swapinfo
-r-sr-xr-x 1 root wheel 13440 Dec 14 00:04:24 1999 /usr/sbin/timedc
-r-xr-sr-x 1 root kmem 7036 Dec 14 00:04:25 1999 /usr/sbin/trpt

Things like the printer control for example... If you don't have printing services, why bother with the control programs? Similarly, I don't think my users need access to vmstat or any of the backup programs, local or remote.

If a program were to be created to track these files, and suggest to the end user a method of disabling +o access, what would be the best way to go about designing it? Should it just read the contents of /var/log/setuid.today?

I like Robert's idea of the HAS_MISC_SET_ID= {yes,no} HAS_ROOT_SETUID= {yes,no} for the ports, although I would say give it a month or so before marking anything broken.

---Mike
------------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Network Administrator, mike@sentex.net
Sentex Communications www.sentex.net
Cambridge, Ontario Canada

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
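One shape the program Mike asks about could take, as an added example that is not from this thread or from FreeBSD: it reads the ls-style entries of /var/log/setuid.today, splits them along Robert's root-setuid versus miscellaneous set-id line, and emits chmod o-x suggestions for programs on a site list of services the host does not offer. The sample entries are copied from the listing above; the UNNEEDED policy set is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed input in the /var/log/setuid.today (ls -l style) format;
# the five entries are copied from the listing in the post above.
SAMPLE = """\
-r-xr-sr-x 2 root tty 221752 Dec 14 00:02:05 1999 /sbin/dump
-r-sr-sr-x 1 root daemon 20864 Dec 14 00:04:12 1999 /usr/bin/lpr
-r-xr-sr-x 1 root kmem 14536 Dec 14 00:03:54 1999 /usr/bin/vmstat
-r-sr-x--- 1 root network 9768 Dec 14 00:04:22 1999 /usr/sbin/sliplogin
-r-sr-xr-x 1 root wheel 153760 Dec 14 00:02:21 1999 /sbin/route
"""

# Hypothetical site policy (an assumption): set-id programs for services
# this host does not offer, so ordinary users need no access to them.
UNNEEDED = {"/sbin/dump", "/sbin/rdump", "/sbin/restore", "/sbin/rrestore",
            "/usr/bin/lpr", "/usr/bin/lpq", "/usr/bin/lprm", "/usr/sbin/lpc",
            "/usr/bin/vmstat", "/usr/sbin/sliplogin"}

LINE_RE = re.compile(r"^(?P<mode>[-a-zA-Z]{10})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
                     r"\s+\d+\s+\w{3}\s+\d+\s+[\d:]+\s+\d{4}\s+(?P<path>/\S+)$")

@dataclass
class SetIdEntry:
    path: str
    owner: str
    group: str
    setuid: bool      # 's'/'S' in the owner-execute slot
    setgid: bool      # 's'/'S' in the group-execute slot
    world_exec: bool  # others may execute it at all

def parse_setuid_log(text):
    """Parse setuid.today lines; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        mode = m.group("mode")
        entries.append(SetIdEntry(m.group("path"), m.group("owner"), m.group("group"),
                                  setuid=mode[3] in "sS", setgid=mode[6] in "sS",
                                  world_exec=mode[9] in "xst"))
    return entries

def classify(entry):
    """Robert's split: a root-owned setuid binary is the high-value case."""
    return "HAS_ROOT_SETUID" if entry.setuid and entry.owner == "root" else "HAS_MISC_SET_ID"

def suggest_chmod(entries, unneeded=UNNEEDED):
    """chmod o-x for unneeded set-id programs others can still run; already-restricted ones yield nothing."""
    return [f"chmod o-x {e.path}" for e in entries
            if e.path in unneeded and e.world_exec]
```

Running suggest_chmod(parse_setuid_log(SAMPLE)) lists dump, lpr and vmstat; sliplogin is already o-x and route is not on the policy list, so neither is touched.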