From owner-freebsd-security Thu Apr 13 07:19:50 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id HAA15532 for security-outgoing; Thu, 13 Apr 1995 07:19:50 -0700
Received: from sol.sees.bangor.ac.uk (sol.sees.bangor.ac.uk [147.143.102.1]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id HAA15517 for ; Thu, 13 Apr 1995 07:19:25 -0700
From: Mr D Whitehead (Ext 2703)
Message-Id: <14679.9504131419@sol.sees.bangor.ac.uk>
Subject: Broken find invalidates /etc/security
To: freebsd-security@FreeBSD.org
Date: Thu, 13 Apr 1995 15:19:37 +0100 (BST)
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1419
Sender: security-owner@FreeBSD.org
Precedence: bulk

Strictly speaking this is a bug report, but as I found it while checking the
/etc/security script for FreeBSD 2.0-950112-SNAP I thought it best to report
it here.

Description
-----------

The scan for suid files is only finding sgid files. The responsibility for
this seems to lie with the -or operator to find. If you change the -or to
-and the script will do what you expect (but not what you want); if you
remove the -or -perm -g+s then all suid files are found. Using the octal
equivalents of 4000 and 2000 is no help.

The evidence seems quite strong that the -or operator is broken. I have not
checked with earlier or later versions, but I suggest that an eyeball check of
/var/log/setuid.today is done for all versions; if stuff like sendmail etc. is
not there then lots of people have a false sense of security.
--
Dave Whitehead (Computer Support Staff)
-------------------------------------------------------------------------------
EMAIL:-                              | TELEPHONE (work):-
(work) davew@sees.bangor.ac.uk       | +44 1248 382703 (Direct line)
(home) 100023.1076@compuserve.com    | +44 1248 351151 ext 2703
-------------------------------------------------------------------------------
SNAIL MAIL:-
Dave Whitehead
School of Electronic Engineering & Computer Systems,
University College of North Wales,
Dean Street, Bangor LL57 1UT
------------------------------------------------------------------------------
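
A regression check for the kind of setuid/setgid scan discussed in this message, as an added example that is not part of the original post or of the FreeBSD /etc/security script. The function names, the fixture file names and the exact find expressions are assumptions (written with POSIX `-o`, which BSD and GNU find also accept as `-or`). The ungrouped variant shows a find precedence pitfall that yields a setgid-only result; it is included as a known failure mode of such expressions, not as a diagnosis of the report.

```shell
#!/bin/sh
# Added example: regression check for a setuid/setgid find expression.
# All file names below are constructed fixtures.

# Assumed form of the scan: regular files with setuid OR setgid set.
scan_grouped() {
    find "$1" -type f \( -perm -u+s -o -perm -g+s \) -print
}

# Same tests without grouping. Implicit -a binds tighter than -o, so this
# parses as (-type f -a -perm -u+s) -o (-perm -g+s -a -print): the -print
# action only runs on the setgid branch.
scan_ungrouped() {
    find "$1" -type f -perm -u+s -o -perm -g+s -print
}

# Build fixtures, run the named scan function, and print the base names
# it reported, sorted, on one line.
fixture_scan() {
    dir=$(mktemp -d) || return 2
    chmod g-s "$dir"    # keep the fixture directory itself out of the results
    for f in plain suid sgid both; do : > "$dir/$f"; done
    chmod 0755 "$dir/plain"
    chmod 4755 "$dir/suid"
    chmod 2755 "$dir/sgid"
    chmod 6755 "$dir/both"
    hits=$("$1" "$dir" | sed 's|.*/||' | LC_ALL=C sort | tr '\n' ' ')
    rm -rf "$dir"
    printf '%s\n' "${hits% }"
}

# A healthy scanner must report all three flagged fixtures.
check_scanner() {
    got=$(fixture_scan "$1")
    if [ "$got" = "both sgid suid" ]; then
        echo "OK   $1: $got"
    else
        echo "FAIL $1: reported '$got', expected 'both sgid suid'"
        return 1
    fi
}

check_scanner scan_grouped
check_scanner scan_ungrouped || true
```

Running the same fixture check against the find binary a nightly security script actually uses shows whether its setuid report can be trusted before anyone relies on an empty diff.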