Re: SUID program removal

From: Rob 'Feztaa' Park (feztaa@shaw.ca)
Date: 10/20/01


Date: Sat, 20 Oct 2001 01:40:37 -0600
From: Rob 'Feztaa' Park <feztaa@shaw.ca>
To: focus-linux@securityfocus.com
Subject: Re: SUID program removal
Message-ID: <20011020014037.A1188@so_much_for_message_ids.com>

On Fri, Oct 19, 2001 at 04:29:33PM -0400, Jason Giglio (dis)graced my inbox with:
> > And of course, one should never, never, NEVER make ANY system
> > executable world writable! I prefer to keep them at root.root 0555 or
> > at times even 0511 unless there is specific reason to do otherwise.
>
> What's the point of 511 rather than 500?

My guess would be that with 511, any user could execute the program.
With 500, you'd have to be root to use it :)

-- 
Rob 'Feztaa' Park
feztaa@shaw.ca
--
Only God can make random selections.
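
The modes discussed in this thread, worked through as an added example (not part of the original message): a simplified model of the classic Unix owner/group/other check applied to a root:root file. The function names and the uid/gid 1000 user are constructed for illustration, and ACLs, capabilities and mount options are ignored.

```python
import stat

def may(mode, file_uid, file_gid, uid, gids, want):
    """Classic Unix permission check for one access type ('r', 'w' or 'x').

    Simplified model: ignores ACLs, capabilities and mount options.
    """
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if uid == 0:
        # root bypasses read/write checks, but execute still needs
        # at least one x bit set somewhere in the mode.
        return want != "x" or bool(mode & 0o111)
    # Exactly one class applies: owner, else group, else other.
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & bit)

def report(modes, uid=1000, gids=frozenset({1000})):
    """Rights of an unprivileged user (constructed uid/gid) on a root:root file."""
    rows = {}
    for mode in modes:
        rows[mode] = {w: may(mode, 0, 0, uid, gids, w) for w in "rwx"}
    return rows

if __name__ == "__main__":
    for mode, rights in report([0o555, 0o511, 0o500, 0o777]).items():
        text = stat.filemode(stat.S_IFREG | mode)
        allowed = "".join(w if ok else "-" for w, ok in rights.items())
        print(f"{mode:04o} {text}  unprivileged user: {allowed}")
```

With 0511 the unprivileged user can execute the file but cannot read it, so the binary cannot be copied or inspected by that user; with 0500 only the owner can run it. Execute-without-read works for compiled binaries, while an interpreted script must also be readable by the user running it.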
