A little salve (Re: Is there an FSDB Manual?)
Blair P. Houghton
bph at buengc.BU.EDU
Thu Oct 12 11:03:33 AEST 1989
In article <1288 at sdcc13.ucsd.EDU> pa1034 at sdcc13.ucsd.edu.UUCP (The Evil(tm) One) writes:
Whoever chose your name chose well...
>Any program which is publicly executable can potentially be a security
>hole. A program can be non-SUID and still have code like:
> {
> exec shell to cp /bin/sh /tmp/sushi.
> Now that the /tmp/sushi is owned by current owner,
> do a chmod 6777 on it.
> }
>Surprise! the user now has the privileges of whoever runs this program.
>if root runs it, BIG SURPRISE!!!
It can't be stopped, no. There is a way, though, to check for the
results of such things. (This is paraphrased from the security chapter
in Fiedler and Hunter, UNIX(tm) System Administration, Hayden,
Indianapolis, 1986.)
find / -perm -4000 -exec ls -ldg \{\} \;
will find all files with the setuid bit set.
I do it every once in a while just to see what's up, and
it only returns a few dozen lines. If you really want to
check, you should probably run every one of the listed
programs to make sure it's still the program it's supposed
to be.
Then again, you could just diff it with a master list you
keep locked away somewhere, then have it mail you and
pull the fire alarm if anything ever changes...
--Blair
"Crank, crank, crank..."
More information about the Comp.unix.wizards
mailing list