From owner-freebsd-security Sun Aug 3 07:39:40 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA26877 for security-outgoing; Sun, 3 Aug 1997 07:39:40 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA26869 for ; Sun, 3 Aug 1997 07:39:37 -0700 (PDT)
Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.5/8.7.3) id AAA14256; Mon, 4 Aug 1997 00:09:30 +0930 (CST)
From: Michael Smith
Message-Id: <199708031439.AAA14256@genesis.atrad.adelaide.edu.au>
Subject: Re: setuid shutdown?
In-Reply-To: from "Jonathan A. Zdziarski" at "Aug 3, 97 10:05:45 am"
To: jonz@netrail.net (Jonathan A. Zdziarski)
Date: Mon, 4 Aug 1997 00:09:30 +0930 (CST)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Jonathan A. Zdziarski stands accused of saying:
> I just realized that my version of freebsd 2.2.2 installs with a
> set-uid-root shutdown command allowing anybody who wants to to shut down or
> reboot the server.

silver:~>ls -l `which shutdown`
-r-sr-x---  1 root  operator  135168 Jun  7 18:37 /sbin/shutdown

This is consistent with what 'operator' means in my book. 8)

> Also: I noticed that 2.2.2 installs /usr/bin/perl (4) and a setuid root
> version of it as well (found this out when I noticed that adduser and
> rmuser are perl and not c). If I'm not mistaken 4 has some major security
> problems with setuid perl, no?

Correct. If you are running a production system you should have read all of the advisories released since 2.2.2, and preferably be tracking -stable on a support system, or installing the rolling 2.2-stable snapshots post-advisory. At this stage, there is not a security-update-patch mechanism more advanced than this.
--
]] Mike Smith, Software Engineer                    msmith@gsoft.com.au [[
]] Genesis Software                                genesis@gsoft.com.au [[
]] High-speed data acquisition and          (GSM mobile) 0411-222-496 [[
]] realtime instrument control.                 (ph) +61-8-8267-3493 [[
]] Unix hardware collector.           "Where are your PEZ?" The Tick [[
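The point of the reply is that a setuid-root binary is only exposed to everyone if its mode lets "others" execute it; `/sbin/shutdown` with mode `-r-sr-x---` and group `operator` is reachable only by members of that group. The script below is an added example (not from the thread or from FreeBSD) that classifies `ls -l` lines by exactly that distinction; the listing it reads is constructed sample data, with the first line taken from the thread and the other two paths made up for illustration.

```sh
#!/bin/sh
# Added example: classify setuid binaries from `ls -l` output by who may run them.

# classify_mode MODE OWNER GROUP
# Prints one of: not-setuid, setuid-nonroot, setuid-root-world,
# setuid-root-group:<group>, setuid-root-owner-only
classify_mode() {
    mode=$1; owner=$2; group=$3
    # Mode string columns: 4 = owner execute ('s' means setuid),
    # 7 = group execute, 10 = others execute.
    owner_x=$(printf '%s' "$mode" | cut -c4)
    group_x=$(printf '%s' "$mode" | cut -c7)
    other_x=$(printf '%s' "$mode" | cut -c10)
    case $owner_x in
        s|S) ;;
        *) echo not-setuid; return 0 ;;
    esac
    if [ "$owner" != root ]; then
        echo setuid-nonroot; return 0
    fi
    case $other_x in
        x|s|t) echo setuid-root-world; return 0 ;;   # anybody can run it
    esac
    case $group_x in
        x|s) echo "setuid-root-group:$group"; return 0 ;;  # restricted to a group
    esac
    echo setuid-root-owner-only
}

# audit_listing: read `ls -l` lines on stdin, print "<class> <path>" per line.
# Fields: mode links owner group size month day time path
audit_listing() {
    while read -r mode _ owner group _ _ _ _ path; do
        echo "$(classify_mode "$mode" "$owner" "$group") $path"
    done
}

# Constructed sample listing; only the shutdown line comes from the thread,
# the other two paths are placeholders for a setuid and a non-setuid perl.
SAMPLE_LISTING='-r-sr-x--- 1 root operator 135168 Jun 7 18:37 /sbin/shutdown
-r-sr-xr-x 1 root wheel 49152 Jun 7 18:37 /usr/bin/example-setuid-perl
-r-xr-xr-x 1 root wheel 65536 Jun 7 18:37 /usr/bin/example-perl'

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

On a live system the same function can be fed with `find / -perm -4000 -type f -exec ls -l {} +`, so that only the `setuid-root-world` entries need a second look.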