From owner-freebsd-security Wed Aug 11 1:57:23 1999 Delivered-To: freebsd-security@freebsd.org Received: from snafu.adept.org (adsl-63-193-112-19.dsl.snfc21.pacbell.net [63.193.112.19]) by hub.freebsd.org (Postfix) with ESMTP id 66D0814FE9 for ; Wed, 11 Aug 1999 01:57:20 -0700 (PDT) (envelope-from mike@snafu.adept.org) Received: from localhost (mike@localhost) by snafu.adept.org (8.9.3/8.9.3) with ESMTP id BAA71456; Wed, 11 Aug 1999 01:40:00 -0700 (PDT) Date: Wed, 11 Aug 1999 01:40:00 -0700 (PDT) From: Mike Hoskins To: "Andrey E. Lerman" Cc: freebsd-security@FreeBSD.ORG Subject: Re: info on suid/sgid files In-Reply-To: <19990811043211.X16510@uniyar.ac.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Aug 1999, Andrey E. Lerman wrote: > It would be nice if info about need of increased privileges > needed for given program would be clearly stated in manpage. I'm not sure how much info is needed about increased privileges... There's a lot of writeups (CERT's security checklist and an article I did for the FreeBSD 'Zine to name a couple) that already say 'If you don't need it ... turn it off'. Beyond saying that, I'd hope the admin could... Type: find / \( -perm -2000 -o -perm -4000 \) -print > audit.log more audit.log Think: 'I only need foo, I'll chmod the others appropriately.' Man pages generally do mention files they need/use... From which you can decide which users or groups need access to what files for a system to function appropriately. -Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message