| 1 |
Hi! |
| 2 |
|
| 3 |
I've just checked my system for SUID progs and there a lot of them... |
| 4 |
Most of them (like ping/mount/chsh/vmware) are really must be suid. |
| 5 |
But there a number of suid progs which probably don't really need to be suid: |
| 6 |
|
| 7 |
-rwsr-x--- 1 root cron 632 æÅ× 13 05:52 /etc/init.d/dcron |
| 8 |
|
| 9 |
No comments. :( |
| 10 |
|
| 11 |
-rwsr-xr-x 1 root root 804924 æÅ× 13 14:17 /usr/bin/gpg |
| 12 |
|
| 13 |
Yeah, I know, gpg WANT to be suid to do something with protecting it's |
| 14 |
memory, but is this really give any benefits? I mean, it's anyway possible |
| 15 |
for root to read it's memory from /dev/kmem, and it's anyway impossible to |
| 16 |
read it's memory from swap-partition for usual user because permissions |
| 17 |
for any disk partitions are 0600. |
| 18 |
|
| 19 |
-rws--x--x 2 root root 1089220 æÅ× 12 18:34 /usr/bin/sperl5.8.2 |
| 20 |
-rws--x--x 2 root root 1089220 æÅ× 12 18:34 /usr/bin/suidperl |
| 21 |
|
| 22 |
AFAIK perl developers suggest not install suidperl because they fail to |
| 23 |
make it really secure. They suggest installing suidperl ONLY for old |
| 24 |
systems with scripts already requiring suidperl. |
| 25 |
|
| 26 |
-rwsr-xr-x 1 root root 6108 éÀÌ 24 08:52 /usr/kde/3.2/bin/kpac_dhcp_helper |
| 27 |
|
| 28 |
I don't know what's this. I'm not surprised by two other suid progs - |
| 29 |
"pty helpers", one for KDE and one for Gnome, but this one isn't looks |
| 30 |
really needed to be suid..? |
| 31 |
|
| 32 |
-rws--x--x 1 root root 155172 íÁÊ 3 21:16 /usr/lib/misc/ssh-keysign |
| 33 |
|
| 34 |
Hmm. Manual pages point me to "HostbasedAuthentication" and |
| 35 |
"EnableSSHKeysign" options. I think it's used very rarely, so maybe it |
| 36 |
has sense to make this prog not suid, and add some comment near these |
| 37 |
options in /etc/ssh/ssh*_config files like: "if you want to use host based |
| 38 |
authentication then please make /usr/lib/misc/ssh-keysign suid before |
| 39 |
enabling this option"? |
| 40 |
|
| 41 |
-rwsr-xr-x 1 root root 6128 æÅ× 12 17:32 /usr/lib/misc/pt_chown |
| 42 |
|
| 43 |
From `man grantpt` : |
| 44 |
This is part of the Unix98 pty support, see pts(4). Many systems |
| 45 |
implement this function via a setuid helper binary called "pt_chown". |
| 46 |
With Linux devpts no such helper binary is required. |
| 47 |
So, is we really need it? Maybe we need devpts enabled instead? :) |
| 48 |
|
| 49 |
-r-sr-xr-x 1 root root 261600 æÅ× 13 15:12 /usr/sbin/pppd |
| 50 |
|
| 51 |
I want to write "no comments" again, but then decide to explain. |
| 52 |
I don't know reason to not execute pppd always by root. If somebody |
| 53 |
want to execute pppd by usual user - he can make pppd suid manually. |
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
So, what do you think about this? |
| 58 |
|
| 59 |
-- |
| 60 |
WBR, Alex. |
| 61 |
|
| 62 |
-- |
| 63 |
gentoo-security@g.o mailing list |
Archives