From owner-freebsd-security  Wed Mar 31  8:17:54 1999
Delivered-To: freebsd-security@freebsd.org
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
	by hub.freebsd.org (Postfix) with ESMTP id 634F715520
	for <freebsd-security@FreeBSD.ORG>; Wed, 31 Mar 1999 08:17:51 -0800 (PST)
	(envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
	by shell6.ba.best.com (8.9.3/8.9.2/best.sh) id IAA14098;
	Wed, 31 Mar 1999 08:17:09 -0800 (PST)
Message-ID: <19990331081709.B11641@best.com>
Date: Wed, 31 Mar 1999 08:17:09 -0800
From: "Jan B. Koum " <jkb@best.com>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>,
	"Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Curious about 'hoststat'
References: <Pine.SOL.3.96L.990330015216.2230A-100000@unix8.andrew.cmu.edu> <43892.922782773@zippy.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <43892.922782773@zippy.cdrom.com>; from Jordan K. Hubbard on Tue, Mar 30, 1999 at 12:32:53AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 30, 1999 at 12:32:53AM -0800, "Jordan K. Hubbard" <jkh@zippy.cdrom.com> wrote:
> > 	Well, I am going through a FreeBSD machine and removing the suid
> > bits on programs that have no purpose having them for a simple user host
> > machine.  Going through /var/log/setuid.today and changing the permissions
> > on the programs seems like a good idea until I got to 'hoststat'.
> 
> Look at the inode number - it's the same file as /usr/sbin/sendmail.
> It's just there as a convenient hook.
> 
> - Jordan
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

	What Jordan said, but now with pictures.

nautilus# set I=`ls -li /usr/bin/hoststat|cut -f1 -d" "`
nautilus# find / -inum $I -ls
445461  592 -r-sr-xr-x    5 root  wheel 290016 Feb  3 21:07 /usr/bin/newaliases
445461  592 -r-sr-xr-x    5 root  wheel 290016 Feb  3 21:07 /usr/bin/mailq
445461  592 -r-sr-xr-x    5 root  wheel 290016 Feb  3 21:07 /usr/bin/hoststat
445461  592 -r-sr-xr-x    5 root  wheel 290016 Feb  3 21:07 /usr/sbin/sendmail
445461  592 -r-sr-xr-x    5 root  wheel 290016 Feb  3 21:07 /usr/sbin/purgestat

-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message