[Full-Disclosure] Partial Solution to SUID Problems

From: Todd Burroughs (todd_at_hostopia.com)
Date: 12/04/03

  • Next message: kang_at_insecure.ws: "Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]"
    To: full-disclosure@lists.netsys.com
    Date: Thu, 4 Dec 2003 03:51:42 -0500 (EST)
    
    

    Several exploits rely on being able to create suid programs or
    to execute these programs (maybe installed by an old patch, etc.)

    I have an idea to reduce this problem. Basically, you mount everything
    "nosuid", except for one filesystem. This filesystem is obviously only
    writeable by root, it gets rid of the linking problem discussed last week.

    I make a small partition and mount everything else "nosuid". I put
    anything that needs suid or sgid on that filesystem and make symlinks
    to where it should be. This makes is easy to find SUID programs,
    run mount and make sure things are mounted nosuid, then look at your
    "suid partition".

    So, does this make sense? It seems to make it easier and more controlled
    when you patch or add suid binaries. I would love to see us start to
    use something like this on *NIX systems.

    Todd Burroughs

    ---
    The Internet has given us unprecedented opportunity to communicate and
    share on a global scale without borders; fight to keep it that way.
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: kang_at_insecure.ws: "Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]"

    Relevant Pages

    • Re: Changing Root Password
      ... I get an error message: ... Someone has, in a failed attempt at increasing security, removed the ... That's another common misconception out there -- that suid programs are ...
      (alt.os.linux.suse)
    • Re: [Full-Disclosure] Partial Solution to SUID Problems
      ... This makes is easy to find SUID programs, ... > controlled when you patch or add suid binaries. ... I asked some ppl the same question, ... Mounting whats left on a separate partition ...
      (Full-Disclosure)
    • Re: [PATCH] private mounts
      ... If there are no vetoes agains the patch, ... Having suid application with different pathname resolution than ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: Does the suid bit do anything on a directory ?
      ... > Does the SUID bit have any effect on a directory when using an ext2 ... Ruurd ...
      (comp.os.linux)