Date: Mon, 15 Jul 1996 10:43:11 -0400 (EDT)
From: Mike Newell <mnewell@kaizen.net>
To: Paul Danckaert <pauld@umbc.edu>
Cc: jbhunt <jbhunt@mercury.gaianet.net>, freebsd-security@freebsd.org, root@mercury.gaianet.net
Subject: Re: New EXPLOIT located!
Message-ID: <Pine.SGI.3.92.960715103831.1447A-100000@dada.kaizen.net>
In-Reply-To: <Pine.SGI.3.91.960715085258.23456A@umbc7.umbc.edu>

On Mon, 15 Jul 1996, Paul Danckaert wrote:

> The normal policy we use when setting up machines here is to do a find
> for suid and sgid files on the system. Pick off the essential ones, and
> strip the bits off any others. It's saved us from several irix and sun
> holes in the past.. and one or two bsd ones now too.

What do you consider "essential ones"? I realize that a case-by-case
analysis of the pros/cons of what to/not keep SUID would be a book in
itself [:-)], especially since the usefulness of each is dependent on what
the system is being used for. However it would be nice to know what
utilities *must* be SUID for a baseline system, and especially what
utilities are "safely" SUID and what aren't.

Thanks,
Mike
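
The find-and-strip policy described in the quoted text, sketched as an added example that is not part of the original message or thread. The function names and the allowlist file format are assumptions, and which paths belong on the allowlist is left to the site; the script does not decide what is "essential".

```shell
#!/bin/sh
# Added example: audit set-uid / set-gid files against a site allowlist.
# The allowlist is local policy (one absolute path per line); this script
# makes no claim about which programs need the bits.

# list_privileged ROOT
# Print every regular file under ROOT that has the set-uid (4000) or
# set-gid (2000) bit, without crossing into other filesystems.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | sort
}

# audit_privileged ROOT ALLOWLIST [strip]
# Print each privileged file that is NOT listed in ALLOWLIST.
# Lines starting with '#' in ALLOWLIST are comments.
# With the third argument "strip", also clear both bits on those files.
# Limitation: paths containing newlines are not handled.
audit_privileged() {
    root=$1 allow=$2 action=${3:-report}
    list_privileged "$root" | while IFS= read -r f; do
        # Exact, whole-line match so /usr/bin/su does not allow /usr/bin/sudo.
        if grep -v '^[[:space:]]*#' "$allow" | grep -Fxq -- "$f"; then
            continue
        fi
        printf '%s\n' "$f"
        if [ "$action" = strip ]; then
            chmod u-s,g-s -- "$f"
        fi
    done
}
```

Run it in report mode first and review the output before passing `strip`; re-running after an OS upgrade catches bits that a reinstall put back.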