suid bit files + securing FreeBSD

• Previous message: Pawel Jakub Dawidek: "Re: systrace for FreeBSD 5.1"
• Next in thread: Peter Jeremy: "Re: suid bit files + securing FreeBSD"
• Reply: Peter Jeremy: "Re: suid bit files + securing FreeBSD"
• Reply: twig les: "Re: suid bit files + securing FreeBSD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "FreeBSD Security" <freebsd-security@freebsd.org>
Date: Sat, 26 Jul 2003 19:23:02 +0200

Hello everybody,

I'm a newbie in this list, so I don't know if it's the appropriate place
for my question. Anyway, I'd be happy to find out the solution.

Please, has anyone simple answer for:

I'm looking for an exact list of files, which:
1. MUST have...
2. HAVE FROM BSD INSTALLATION...
3. DO NOT NEED...
4. NEVER MAY...
...the suid-bit set.

Of course, it's no problem to find-out which files ALREADY HAS
suid-bit set. But what files REALLY MUST have it ?
I know generalities, as e.g. shell should never have suid bit set,
but what if someone has copied any shell to some other location
and have set the suid bit ? It's security hole, isn't it ?
And what if I have more such files on my machine ?
It is not about my machine has been compromited, it is only WHAT IF...

--------------------------------------------

Second question is: Has anybody an exact wizard, how to secure
the FreeBSD machine. Imagine the situation, the only person who
can do anything on that machine is me, and nobody other. I have
set very restrictive firewalling, I have removed ALL tty's except
two local tty's (I need to work on that machine), but there are
still open port 25 and 53 (must be forever), so someone very
tricky can compromite my machine.

I'm a little bit paranoic, don't I :-)))))))

Cheers,

Peter Rosa
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Pawel Jakub Dawidek: "Re: systrace for FreeBSD 5.1"
• Next in thread: Peter Jeremy: "Re: suid bit files + securing FreeBSD"
• Reply: Peter Jeremy: "Re: suid bit files + securing FreeBSD"
• Reply: twig les: "Re: suid bit files + securing FreeBSD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages suid bit files and securing FreeBSD ... ...the suid-bit set. ... I know generalities, as e.g. shell should never have suid bit set, ... tricky can compromite my machine. ... (freebsd-questions) Re: How do I unrestrict a root command? ... > exploitable) security hole on SUID shell scripts. ... and that shell must interpret and execute the script file. ... (comp.os.linux.misc) Re: SUID related (newbie) question ... The SUID bit is useful for real compiled binary code-type ... If you really want to suid a script then you can use "wrapper" code ... that does all the suid work then executes the script. ... This will allow a normal user to execute a suid shell script! ... (comp.os.linux.misc) Re: suid bit files and securing FreeBSD ... suid bit files and securing FreeBSD ... > ...the suid-bit set. ... To unsubscribe, ... (freebsd-questions) Re: SUID related (newbie) question ... mentioning which shell to use. ... The SUID bit is useful for real compiled binary code-type ... that does all the suid work then executes the script. ... chown root.root wrapper ... (comp.os.linux.misc)