Re: SUID program removal
From: Seth Arnold (sarnold@wirex.com)Date: 10/21/01
- Previous message: Bennett Todd: "Re: Chrooting Openssh"
- In reply to: Jason Giglio: "Re: SUID program removal"
- Next in thread: Jason Giglio: "Re: SUID program removal"
- Next in thread: Johannes B. Ullrich: "Re: SUID program removal"
- Reply: Jason Giglio: "Re: SUID program removal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 20 Oct 2001 21:33:11 -0700 From: Seth Arnold <sarnold@wirex.com> To: focus-linux@securityfocus.com Subject: Re: SUID program removal Message-ID: <20011020213311.A27112@wirex.com>
On Fri, Oct 19, 2001 at 04:29:33PM -0400, Jason Giglio wrote:
> >
> > And of course, one should never, never, NEVER make ANY system
> > executable world writable! I prefer to keep them at root.root 0555 or
> > at times even 0511 unless there is specific reason to do otherwise.
> >
>
> What's the point of 511 rather than 500?
Sometimes, one wants standard users to be able to execute the setuid
programs. Afterall, if one didn't want anyone but root to run the
program, it doesn't really need the setuid bit anyway, does it? :)
- Previous message: Bennett Todd: "Re: Chrooting Openssh"
- In reply to: Jason Giglio: "Re: SUID program removal"
- Next in thread: Jason Giglio: "Re: SUID program removal"
- Next in thread: Johannes B. Ullrich: "Re: SUID program removal"
- Reply: Jason Giglio: "Re: SUID program removal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
