Date: Thu, 28 Mar 2002 12:18:50 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: Jason Stone <jason-fbsd-security@shalott.net> Cc: security@FreeBSD.ORG Subject: Re: make world and setuid bits Message-ID: <20020328121850.D97841@blossom.cjclark.org> In-Reply-To: <20020328043119.V5333-100000@walter>; from jason-fbsd-security@shalott.net on Thu, Mar 28, 2002 at 04:40:31AM -0800 References: <20020328131303.F98036-100000@axis.tdd.lt> <20020328043119.V5333-100000@walter>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 28, 2002 at 04:40:31AM -0800, Jason Stone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Are there make variables that can be set to prevent "make world" from
> installing binaries as setuid? Currently, I always run something like
> "find -perms -4000 | xargs chmod u-s" after doing a make world, but this
> seems inelegant, prone to human error, and dangerous as there's a
> (potentially quite long) period in which there are still many setuid
> binaries....
>
> make options to allow the prevention of "setuid root", "all setuid",
> or "all setuid and all setgid" would be nice.
For the vast majority of users, having no setuid binaries is a really,
really bad idea from a security standpoint. It forces you to do
everything as root.
If this is a policy on some machine somewhere, I don't that there is
much of a window of vulnerability. During the installation of the new
binaries, the system would be out of normal service. The system should
be isolated from potentially hostile users.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328121850.D97841>