1 |
After reading the "Secure Gentoo" thread I decided to compare default |
2 |
security level of gentoo to other linux distros. I noticed that some |
3 |
executables have the setuid/setgid flag set though (AFAIK) they do not |
4 |
need it for operation: |
5 |
470327 4 drwxrwsr-x 2 root games 4096 Jan 8 01:59 |
6 |
/var/lib/games |
7 |
32802 132 -rwxr-sr-x 1 root kmem 129428 Jan 4 15:52 |
8 |
/usr/bin/make |
9 |
131354 244 -rws--x--x 1 root root 244820 Jan 6 19:47 |
10 |
/usr/X11R6/bin/xterm |
11 |
131363 1612 -rws--x--x 1 root root 1643760 Jan 6 19:47 |
12 |
/usr/X11R6/bin/XFree86 (we should use Xwrapper instead) |
13 |
389942 12 -rwsr-xr-x 1 root root 9772 Jan 8 01:58 |
14 |
/usr/sbin/gnome-pty-helper (chown'ing gnome-pty-helper to root:utmp, |
15 |
chmod'ing it setgid and changing the permissions of the corresponding |
16 |
log file is IMHO an appropriate way to let it log users) |
17 |
|
18 |
Note: Because of my slow connection a few packages are installed, please |
19 |
have a look at the output of find / \( -perm -02000 -o -perm -04000 \) |
20 |
-ls on your system. |
21 |
|
22 |
|
23 |
Best Regards, |
24 |
Ilian Zarov |