| 1 |
After reading the "Secure Gentoo" thread I decided to compare default |
| 2 |
security level of gentoo to other linux distros. I noticed that some |
| 3 |
executables have the setuid/setgid flag set though (AFAIK) they do not |
| 4 |
need it for operation: |
| 5 |
470327 4 drwxrwsr-x 2 root games 4096 Jan 8 01:59 |
| 6 |
/var/lib/games |
| 7 |
32802 132 -rwxr-sr-x 1 root kmem 129428 Jan 4 15:52 |
| 8 |
/usr/bin/make |
| 9 |
131354 244 -rws--x--x 1 root root 244820 Jan 6 19:47 |
| 10 |
/usr/X11R6/bin/xterm |
| 11 |
131363 1612 -rws--x--x 1 root root 1643760 Jan 6 19:47 |
| 12 |
/usr/X11R6/bin/XFree86 (we should use Xwrapper instead) |
| 13 |
389942 12 -rwsr-xr-x 1 root root 9772 Jan 8 01:58 |
| 14 |
/usr/sbin/gnome-pty-helper (chown'ing gnome-pty-helper to root:utmp, |
| 15 |
chmod'ing it setgid and changing the permissions of the corresponding |
| 16 |
log file is IMHO an appropriate way to let it log users) |
| 17 |
|
| 18 |
Note: Because of my slow connection a few packages are installed, please |
| 19 |
have a look at the output of find / \( -perm -02000 -o -perm -04000 \) |
| 20 |
-ls on your system. |
| 21 |
|
| 22 |
|
| 23 |
Best Regards, |
| 24 |
Ilian Zarov |
Archives