Date: Mon, 23 Jun 2003 11:37:49 -0400 (EDT)
From: Robert Watson
To: Socketd
cc: hackers@freebsd.org
Subject: Re: Suid and gid files
In-Reply-To: <20030623152341.61b63afc.db@traceroute.dk>

On Mon, 23 Jun 2003, Socketd wrote:

> I just installed FreeBSD 5.1 release and ran a "find / -perm +4000" and
> "find / -perm +2000". My question is: are any of these files used by the
> system, in a way that prevents me from making them non-executable to the
> world? I have no shell users and don't use sendmail.

Setuid can be turned off on pretty much all of the binaries; however, as
you turn off setuid bits, more and more things will not work for
unprivileged users. During normal system operation, privileges are
usually "dropped" as opposed to "acquired", so the exceptions are usually
for access to raw sockets, system devices, etc. I recently removed the
setuid bit from the quota command in -CURRENT, and am in the throes of
reviewing the remaining setuid/setgid pieces as part of developing our
Security Architecture document.

The one potentially problematic case that comes to mind is mail submission
by sendmail; mechanisms such as cron, at, etc., expect to be able to
generate mail from unprivileged users and that may break if you use
sendmail as the MTA but without setuid. There are mail systems that don't
require setuid, instead relying on LMTP, which might be preferable in your
environment.

I also find su very helpful, FWIW :-).

> Btw why is /usr/sbin/ppp world readable? (not that it matters)

sproing:/usr/sbin> ls -l ppp
-r-sr-xr-- 1 root network 367304 May 8 15:16 ppp*

Yeah, that is a little inconsistent, although not harmful as far as I can
tell. I'll remove the read bit in -CURRENT and we'll see if anyone
complains :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
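
An added example, not part of the message above: an inventory of setuid/setgid files that reports who may execute each one and marks the mode inconsistency discussed for /usr/sbin/ppp (world-readable but not world-executable). The function name audit_suid and its output format are hypothetical; it assumes file names without embedded newlines.

```shell
#!/bin/sh
# Added example (audit_suid is a hypothetical helper, not a FreeBSD tool).
# Usage: audit_suid /usr/sbin

audit_suid() {
    # "-perm -4000" / "-perm -2000" are the POSIX spellings; for a single
    # bit they select the same files as the "+4000" / "+2000" form quoted
    # in the post. -xdev keeps the walk on one filesystem.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        # Parse "mode links owner group ..." from ls instead of stat(1),
        # whose flags differ between BSD and GNU userlands.
        ls -ld "$f" | {
            read -r mode _links owner group _rest
            kind=""
            case $mode in ???[sS]*)    kind="setuid" ;; esac
            case $mode in ??????[sS]*) kind="${kind:+$kind+}setgid" ;; esac
            # Who can actually run the file with its elevated identity?
            case $mode in
                ?????????[xt]*) who="world-executable" ;;
                ??????[xs]*)    who="group-only:$group" ;;
                *)              who="owner-only" ;;
            esac
            # The ppp case: "other" may read the binary but not execute it.
            note=""
            case $mode in
                ???????r?[!xt]*) note=" world-readable-not-executable" ;;
            esac
            printf '%s %s %s:%s %s %s%s\n' \
                "$kind" "$mode" "$owner" "$group" "$f" "$who" "$note"
        }
    done
}
```

Files reported as world-executable are the ones the original question is about; group-only entries such as ppp are already restricted to members of the owning group.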