Date: Sun, 26 Oct 2003 08:10:15 -0600
From: "Jim" <waif@ntropolis.com>
To: <freebsd-questions@freebsd.org>
Subject: SUID /usr/bin/rsh on Stable 4.8 after installworld
Message-ID: <OCEOIEJGIDKIHFOMMCODMEPDCHAA.waif@ntropolis.com>

I am very new to FreeBSD, so I know there is a simple answer to this:

I have installed FreeBSD 4.8 Stable on a machine. The installation always runs like silk. I then begin locking down some of the machine's conf files, shut down unnecessary daemons, etc. This includes setting permissions on unused suid/sgid binaries to 000. This process always works fine, and even after reboot, the binaries I have reduced permissions on stay reduced.

At some point in this process however, I get to cvsup, buildworld, and installworld. This process re-enables the old permissions on the files I so diligently locked down. I would expect there is a flag or include/exclude file somewhere I need to look up to prevent cvsup from doing this in the first place, but like I said, I'm new.

The problem I need help with though, is the fact that I cannot chmod 000 certain binaries after this process (for example: /usr/bin/rsh, /usr/bin/yppasswd, /usr/bin/ypchfn, etc.). The following occurs:

    # chmod 000 /usr/bin/rsh
    chmod: /usr/bin/rsh: Operation not permitted

A listing of the file:

    # ll /usr/bin/rsh
    -r-sr-xr-x 1 root wheel 7980 Oct 26 07:36 /usr/bin/rsh

I am logged in as root on the console.

My cvs-supfile is very basic:

    *default host=cvsup8.FreeBSD.org
    *default base=/usr
    *default prefix=/usr
    *default release=cvs
    *default compress
    src-all tag=RELENG_4_8
    ports-all tag=.

What changes during installworld that prevents me from shutting these down again?

If anyone needs more information, just let me know what you're looking for.

Jim