From owner-freebsd-security Mon Nov 1 8:40: 4 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id D1F3E14F56 for ; Mon, 1 Nov 1999 08:39:57 -0800 (PST) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.3/8.9.3) with ESMTP id RAA04565; Mon, 1 Nov 1999 17:39:56 +0100 (CET)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id RAA73489; Mon, 1 Nov 1999 17:39:55 +0100 (MET)
Date: Mon, 1 Nov 1999 17:39:55 +0100
From: Eivind Eklund
To: Spidey
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Examining FBSD set[ug]ids and their use
Message-ID: <19991101173955.L72085@bitbox.follo.net>
References: <14364.64172.638014.558487@anarcat.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <14364.64172.638014.558487@anarcat.dyndns.org>; from beaupran@jsp.umontreal.ca on Sun, Oct 31, 1999 at 09:27:56PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Oct 31, 1999 at 09:27:56PM -0500, Spidey wrote:
> # The suid bit is NOT necessary for any usage I could find...
> df gname=operator mode=2555

The suid bit is necessary for users to be able to inspect the amount of
disk space free on unmounted disks.

Personally, I don't think users should be allowed to see the amount of
disk space free on unmounted disks unless they are in group operator
themselves. If I don't get any disagreement, I will remove this setuid
bit.

> /set gname=tty
> # Allow users to dump on remote (see dump(1), the BUGS section)
> dump gname=tty
> rdump gname=tty
> restore gname=tty
> rrestore gname=tty
> # High scores management
> sol uname=games gname=games mode=6755

This looks like a bug in some port, actually. We shouldn't normally
have anything that is setuid games, only setgid.

> # Allow users to read master.passwd
> xlock mode=4111

A separate system for verifying a user's own password would be
infinitely desirable. I suggest something as simple as a small
executable that verifies the password, and automatically touches a file
so it can't be called more than is reasonable for interactive
verification.

> # Allow users to regenerate the aliases database.
> # Why the hell should anyone else than the one that has modified the
> # database want to rebuild it????
> newaliases

The alias files can be group writable.

> # Same as rsh and such.
> ssh1 mode=4711

Not quite. ssh uses this to get at the local host key, and authenticate
that it is run with that key or the attacker has control over the entire
host (by using a privileged port as the source port).

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
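The thread above is auditing a list of set[ug]id binaries written in mtree-style `name key=value` lines. As an added example (my code, not the list's or FreeBSD's), here is a small Python audit that parses such a list, honouring `/set` defaults, and reports binaries carrying the setuid or setgid bit that are absent from the list or whose owner, group or mode disagrees with it. `SAMPLE_SPEC` is constructed in the shape of the quoted list, and `observe_dir` is an assumed helper that reads the real attributes with `lstat(2)`.

```python
import grp, os, pwd, stat
# Constructed spec, in the same shape as the list quoted in the thread.
SAMPLE_SPEC = """\
df gname=operator mode=2555
/set gname=tty
dump gname=tty
sol uname=games gname=games mode=6755
xlock mode=4111
"""

def parse_spec(text):
    """'/set k=v' sets defaults for later entries; 'name k=v ...' describes one file."""
    defaults, spec = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        head, *pairs = line.split()
        attrs = dict(p.split("=", 1) for p in pairs)
        if head == "/set":
            defaults.update(attrs)
        else:
            spec[head] = {**defaults, **attrs}      # entry overrides the /set defaults
    return spec

def audit(spec, observed):
    """observed: (name, uname, gname, octal-mode-string) tuples; returns findings."""
    findings = []
    for name, uname, gname, mode in observed:
        have = {"uname": uname, "gname": gname, "mode": mode}
        want = spec.get(name)
        if want is None:
            if int(mode, 8) & (stat.S_ISUID | stat.S_ISGID):   # privileged but undocumented
                findings.append(f"{name}: set[ug]id binary not in spec (mode {mode})")
            continue
        for key in ("uname", "gname", "mode"):
            if key in want and want[key] != have[key]:
                findings.append(f"{name}: {key} is {have[key]}, spec says {want[key]}")
    return findings

def observe_dir(path):
    """Collect (name, uname, gname, mode) for regular files in path via lstat(2)."""
    rows = []
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        if stat.S_ISREG(st.st_mode):
            rows.append((name, pwd.getpwuid(st.st_uid).pw_name,
                         grp.getgrgid(st.st_gid).gr_name, f"{stat.S_IMODE(st.st_mode):04o}"))
    return rows
```

Running `audit(parse_spec(SAMPLE_SPEC), observe_dir("/usr/bin"))` on a live system prints one line per deviation, so a host can be checked against the agreed list after each upgrade or port installation.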