Re: [lug-nuts] one liner again

From: Scott Tyson (tysons@deepwell.com)
Date: Tue Nov 30 1999 - 15:47:59 PST


Thanks a bunch

Most of what I found were things like ping, traceroute, sendmail, cron.
That's about it.
Default stuff from Redhat. The only thing I've added with setuid root is
Quake2 and that is required for it to run.

Scott

----- Original Message -----
From: "Brian Lavender" <brian@brie.com>
To: <lug-nuts@saclug.org>
Sent: Tuesday, November 30, 1999 1:41 PM
Subject: Re: [lug-nuts] one liner again

> Your questions are certainly legitimate. In short, a set uid
> program changes its id of its suid bit, and runs with that
> suid's permissions. Normally, if you run a program, it runs with
> your permissions. If you run a program that is set uid root, then
> the program runs as root. If the set uid root program prints "Hello
> World" and nothing else, then there is no risk to your system. But say
> the suid root program asks for your name and then prints
> "Hello , <your name here>". Say
> in your program that when it prints the statement, that if you put
> in a meta character that stops it from printing, and the rest of
> the input is executed as a command. Let's say that command is
>
> rm -rf /
>
> Well, your filesystem is a goner. Because you had a program that ran
> as root and you made it so anyone on your system could run it.
>
> So why have programs set uid root or more simply written suid root?
> When you change your password on your system with the passwd command,
> the program asks you for your new password and then it encrypts it
> and writes it to /etc/shadow. This is where the suid root is needed,
> because /etc/shadow is only writeable by root. So, the passwd
> program performs some checks when you execute it, opens /etc/shadow,
> and writes your new encrypted password. If it did not have the suid
> bit set, when it went to open the file and write to it, it would not
> be able to. That's because when you execute a program, it normally
> assumes your identity. This is even so when the program is owned by root.
>
> The suid program passwd has been combed through by many people and it's
> a program you can safely run as suid. But if you write your own
> programs which you make suid and you have potentially malicious users
> who you give permission to run the program, be forewarned. You can make
> set uid programs execute under whatever owner they are set to. In
> addition, there is setgid. See man chmod.
>
> brian
>
> On Tue, Nov 30, 1999 at 01:27:53PM -0800, Scott Tyson wrote:
> > excuse my ignorance but can someone give me the readers digest of:
> >
> > 1. what is setuid? (set user id?)
> > 2. why it is used
> > 3. why is a setuid of root bad or not bad.
> > 4. What to do if you have programs that are setuid root.
> >
> > thanks
> > ----- Original Message -----
> > From: "Brian Lavender" <brian@brie.com>
> > To: "Lug Nuts" <lug-nuts@saclug.org>
> > Sent: Tuesday, November 30, 1999 11:01 AM
> > Subject: [lug-nuts] one liner again
> >
> >
> > > I found this on
> > >
> > > http://www.hackernews.com/orig/practice.html
> > >
> > > On most systems, if you would like to see all of the files on it that
> > > are SUID root, issue this command:
> > >
> > > $ find / \( -perm -4000 -o -perm -2000 ! -type d \) -exec \
> > > ls -ldb {} \; >> output.log
> > >
> > > brian
> > > --
> > > Brian Lavender
> > > http://www.brie.com/brian/
> > >
> > > ****************************************************************************
> > > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > > * in the message body to majordomo@saclug.org. Please direct other
> > > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> > >
>
> --
> Brian Lavender
> http://www.brie.com/brian/
>
>
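
Added example, not part of the original thread or written by its participants: a variant of the quoted find one-liner that applies the "not a directory" test to both the setuid and setgid checks, then reports only files missing from a reviewed baseline list. The function names, the baseline file and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a reviewed baseline.
# Function names, baseline file and sample tree are hypothetical.

# List regular files under $1 that carry the setuid (4000) or setgid (2000)
# bit. -type f sits outside the parentheses so it applies to both tests,
# and -xdev keeps find on one filesystem (skips /proc, network mounts).
suid_list() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print files that are setuid/setgid now but absent from the baseline $2
# (one path per line). These are the ones that still need review.
suid_unreviewed() {
    tmp_base=$(mktemp) || return 1
    sort "$2" > "$tmp_base"
    suid_list "$1" | comm -23 - "$tmp_base"
    rm -f "$tmp_base"
}

# Constructed sample tree standing in for a real filesystem.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/games" "$d/shared"
    : > "$d/bin/ping";     chmod 4755 "$d/bin/ping"      # setuid, in baseline
    : > "$d/bin/wall";     chmod 2755 "$d/bin/wall"      # setgid, in baseline
    : > "$d/bin/ls";       chmod 0755 "$d/bin/ls"        # ordinary file
    : > "$d/games/quake2"; chmod 4755 "$d/games/quake2"  # setuid, not reviewed
    chmod 2775 "$d/shared"                               # setgid directory, skipped
    printf '%s\n' "$d/bin/wall" "$d/bin/ping" > "$d/baseline.txt"
    echo "$d"
}

# Run with the argument "demo" to see the report for the sample tree.
if [ "${1:-}" = "demo" ]; then
    root=$(make_sample)
    suid_unreviewed "$root" "$root/baseline.txt"
    rm -rf "$root"
fi
```

On a real system the baseline would be the output of suid_list / saved after each file in it has been checked, and the audit would be run as root so find can read every directory.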




This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:08 PST