Re: SUID program removal
From: Scott Gifford (sgifford@suspectclass.com)
Date: 10/18/01
To: "Pacifi3r" <pacifi3r@hotmail.com>
Subject: Re: SUID program removal
From: Scott Gifford <sgifford@suspectclass.com>
Date: 18 Oct 2001 01:20:39 -0400
Message-ID: <ly3d4hcymw.fsf@gfn.org>
"Pacifi3r" <pacifi3r@hotmail.com> writes:
> Greetz,
> Newbie would like to know which program on a base RedHat 7.1 install can
> have the SUID bit removed. Base in this instance means that no additional
> packages were selected for install.
Most of them. Get a list of all setuid and setgid programs on the
system, figure out which ones you will never need, and remove their
RPMS. For ones you will sometimes need, consider whether anybody
besides root will need to use them. On some of my systems, for
example, only root needs to traceroute, so I remove the setuid bit; on
nearly all of them, the "chfn", "chsh", etc. programs are more risk
than they're worth, so I remove their special privileges. With what's
left, consider whether it can be replaced with a safer alternative; I
generally remove sendmail and install qmail on systems that need mail,
for example. For whatever's left, leave the special permissions, and
pay very close attention to security mailing lists about those
programs.
Here's the command I use to find setXid programs on my system:
find / /usr -xdev -type f -a \( -perm -04000 -o -perm -02000 \) -ls >/tmp/setXid.list
Good luck,
----ScottG.
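
Added example, not part of the original post: one way to carry out the review described in the message above, comparing the find output against a keep-list and clearing the setuid/setgid bits on everything else. The keep-list file and its format, the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review setuid/setgid files
# against a keep-list, then strip the bits from everything else.
# Assumption: paths contain no newlines.

# audit_setxid ROOT KEEPFILE
#   Prints "KEEP <path>" or "STRIP <path>" for each setuid/setgid regular
#   file under ROOT. KEEPFILE (hypothetical name/format) lists one absolute
#   path per line; lines starting with '#' are comments.
audit_setxid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort |
    while IFS= read -r path; do
        if grep -v '^#' "$2" | grep -Fxq -- "$path"; then
            printf 'KEEP %s\n' "$path"
        else
            printf 'STRIP %s\n' "$path"
        fi
    done
}

# strip_setxid ROOT KEEPFILE
#   Clears both bits on every file audit_setxid marks STRIP.
strip_setxid() {
    audit_setxid "$1" "$2" | sed -n 's/^STRIP //p' |
    while IFS= read -r path; do
        chmod u-s,g-s "$path"
    done
}

# make_sample_tree: builds a constructed sample tree in a temp dir, prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin"
    for f in passwd chfn traceroute ls; do : > "$t/bin/$f"; chmod 755 "$t/bin/$f"; done
    chmod 4755 "$t/bin/passwd" "$t/bin/chfn" "$t/bin/traceroute"
    printf '# keep-list (constructed)\n%s\n' "$t/bin/passwd" > "$t/keep.list"
    printf '%s\n' "$t"
}

# Demo on the constructed tree only; run as: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    t=$(make_sample_tree)
    audit_setxid "$t/bin" "$t/keep.list"    # before: one KEEP, two STRIP
    strip_setxid "$t/bin" "$t/keep.list"
    audit_setxid "$t/bin" "$t/keep.list"    # after: only the KEEP entry remains
    rm -rf "$t"
fi
```

Run audit_setxid on its own first and read the STRIP lines before calling strip_setxid on a real system; the sample tree uses only setuid files so it can be built without root.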