Date: Wed, 11 Aug 1999 15:14:27 -0700 From: "John Howie" <JHowie@msn.com> To: "Andrey E. Lerman" <lae@uniyar.ac.ru>, <freebsd-security@freebsd.org> Subject: Fw: info on suid/sgid files Message-ID: <013701bee446$e05a98f0$fe01a8c0@pacbell.net>
next in thread | raw e-mail | index | archive | help
Andrey wrote: > I did a quick search for a suid/sgid files on our server's hd > and found a lot. I really didn't expected so many. I removed > bits on about 80% of it without any visible (yet) impact to > system's operation. So I'm wondering, where to find info about > what these suid/sgid bits was for and what I loose removing > them. Some of progs I chmod'ed really amazed me, for example > quota, df, ps, dump, restore, shutdown... Many of those programs require privileges to access kernel memory, the raw hard disk, etc. Ordinary users will not have the necessary permissions to access these parts of the OS hence the SUID bit. Many system administrators freak out but the reality is that these utilities rarely (but not never) expose a risk to system security. While the truly paranoid might remove the SUID bit, it is often unnecessary and can cause legitimate, non-root, users problems when they want to see what is running on the system, what their disk quota usage is, etc. You mentioned that you found these on your server. I am assuming that this is a file and print server. If your users cannot access this system interactively, either at the console or over the network by disabling the telnet and r* daemons, then you have very little to worry about. I, personally, would not remove them from workstations. john... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?013701bee446$e05a98f0$fe01a8c0>