Hi!

On Tue, 10 Aug 2004, Alex Efros wrote:
> But there are a number of suid progs which probably don't really need to be suid:
>
> -rwsr-x--- 1 root cron 632 ??? 13 05:52 /etc/init.d/dcron
>
> No comments. :(

This is probably a bug in the dcron ebuild. It's not *that* bad
since programs using the #! hack aren't really executed SUID[*].
Still, it would be wise to file a bug in Bugzilla about this.

[*] unless you have patched your kernel in that respect.

> -rwsr-xr-x 1 root root 804924 ??? 13 14:17 /usr/bin/gpg
>
> Yeah, I know, gpg WANTS to be suid to do something with protecting its
> memory, but does this really give any benefits? I mean, it's anyway possible
> for root to read its memory from /dev/kmem, and it's anyway impossible to
> read its memory from swap-partition for usual user because permissions
> for any disk partitions are 0600.

What about your data landing on a swap partition, not being erased
and then someone stealing your laptop/harddisk?


Greets,
Tobias

--
gentoo-security@g.o mailing list
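
One way to audit a system for the two cases discussed in this thread, as an added example that is not part of the original mail: it lists set-uid files and separates `#!` scripts (like the dcron init script, where the bit is normally not honoured) from native binaries (like gpg). The function names `classify_suid` and `audit_suid` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the mailing list thread).
# Separates set-uid "#!" scripts from set-uid native binaries.

# classify_suid FILE -> prints "script", "elf" or "other"
classify_suid() {
    # First four bytes as hex, so binary content is never interpreted.
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        2321*)    echo script ;;  # "#!": interpreter script
        7f454c46) echo elf ;;     # "\177ELF": native executable
        *)        echo other ;;   # empty, unreadable or unknown format
    esac
}

# audit_suid DIR -> one line per set-uid regular file:
#   <kind> TAB <mode> <owner>:<group> TAB <path>
audit_suid() {
    # -xdev: stay on one filesystem; -perm -4000: set-uid bit is set.
    find "$1" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        kind=$(classify_suid "$f")
        meta=$(ls -ld -- "$f" | awk '{print $1, $3 ":" $4}')
        printf '%s\t%s\t%s\n' "$kind" "$meta" "$f"
    done
}
```

Run it as `audit_suid /etc` or `audit_suid /usr/bin`; lines starting with `script` are candidates for an ebuild bug report, lines starting with `elf` are the ones that actually execute with the owner's privileges.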