Date:      Thu, 12 Aug 1999 03:41:38 +0400
From:      "Andrey E. Lerman" <lae@uniyar.ac.ru>
To:        John Howie <JHowie@msn.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Fw: info on suid/sgid files
Message-ID:  <19990812034137.E6691@univ.uniyar.ac.ru>
In-Reply-To: <013701bee446$e05a98f0$fe01a8c0@pacbell.net>; from John Howie on Wed, Aug 11, 1999 at 03:14:27PM -0700
References:  <013701bee446$e05a98f0$fe01a8c0@pacbell.net>

On Wed, Aug 11, 1999 at 03:14:27PM -0700, John Howie wrote:
> Andrey wrote:
>
> > I did a quick search for suid/sgid files on our server's hd
> > and found a lot. I really didn't expect so many. I removed
> > bits on about 80% of them without any visible (yet) impact to
> > system's operation. So I'm wondering, where to find info about
> > what these suid/sgid bits were for and what I lose by removing
> > them. Some of the progs I chmod'ed really amazed me, for example
> > quota, df, ps, dump, restore, shutdown...
>
> Many of those programs require privileges to access kernel memory, the raw
> hard disk, etc. Ordinary users will not have the necessary permissions to
> access these parts of the OS hence the SUID bit. Many system administrators
> freak out but the reality is that these utilities rarely (but not never)
> expose a risk to system security. While the truly paranoid might remove the
> SUID bit, it is often unnecessary and can cause legitimate, non-root, users
> problems when they want to see what is running on the system, what their
> disk quota usage is, etc.

We just don't know what kind of security risk they expose.
Imagine tomorrow bugtraq and -security lists filled with
messages about a new vulnerability. Who will be faster, you
patching your system or hackers breaking into it? Who knows.
The risk is low, but not zero. People (developers are people
too) sometimes make mistakes. Same for auditors of code. I
agree, some will call it paranoid.

I will consider restoring these suid/sgid bits if there are
complaints from the users (or me :). We are balancing between comfortable
working and security again.

> You mentioned that you found these on your server. I am assuming that this
> is a file and print server. If your users cannot access this system
> interactively, either at the console or over the network by disabling the
> telnet and r* daemons, then you have very little to worry about.

You guessed quite right, it is also an ftp and www server and
gateway. But we plan to set this box up also as a server for X
terminals.

I also admin another box running Linux, which is a terminal
server. I found far fewer suid programs on it.

--
Andrey E. Lerman @ Yaroslavl State University
ICQ: 9418370, primary email: lae@uniyar.ac.ru
[Lae] on IRCNet
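
The strip-now, restore-on-complaint approach discussed in this message, as an added example that is not part of the original e-mail: it inventories setuid/setgid files, records each original mode before clearing the bits, and can put selected ones back. The function names and the JSON record file are assumptions made for the illustration.

```python
import json
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID  # the two bits under discussion


def inventory(root):
    """Return {path: permission bits} for regular files under root
    that have the setuid or setgid bit set."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry: skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL:
                found[path] = stat.S_IMODE(st.st_mode)
    return found


def strip_bits(paths, record_file):
    """Write the original modes to record_file first, then clear
    setuid/setgid on each path. Returns the saved {path: mode} map."""
    saved = {p: stat.S_IMODE(os.lstat(p).st_mode) for p in paths}
    with open(record_file, "w") as fh:
        json.dump(saved, fh, indent=1)  # the record exists before any chmod
    for p, mode in saved.items():
        os.chmod(p, mode & ~SPECIAL)
    return saved


def restore_bits(record_file, only=None):
    """Reapply the recorded mode to every path in the record, or just
    to the paths listed in `only`. Returns the paths restored."""
    with open(record_file) as fh:
        saved = json.load(fh)
    restored = []
    for p, mode in saved.items():
        if only is None or p in only:
            os.chmod(p, mode)
            restored.append(p)
    return restored
```

Changing modes on root-owned binaries requires running this as root. The record only stores modes, so a binary replaced by an upgrade in the meantime should be reviewed before its bits are restored.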

