| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: domino at asgardnet.org (Ciro) Subject: Partial Solution to SUID Problems On Thu, 4 Dec 2003, Gino Thomas wrote: > > I asked some ppl the same question, answers vary. On one hand some ppl > trust the suids and claim that messing up with them will open new > problems and that there are also many other ways to get root (kernel, > libc, daemons,...) on the other hand ppl agreed with me that if i don't > need uucp, why should it be on my box anyway (and that suid or sgid). > As said, i disabled all suids except 'su', so a user can't use > 'netstat', 'ping' or even 'man' anymore, but i do not want that on a > bastion host anyway, eh? Mounting whats left on a separate partition > seems to be as logical as doing that for /home, /tmp,... > > I would like to see a detailed discussion about this, too. > The thing that screams "bad idea" or at least "inconvienient pain in the neck" to me is that, on the off chance that a wide-spread exploit is found and you have to "make world" or whatever, it puts them right back and you have to do it again. Of course, I'm a perl scripter, so by definition I'm lazy[0] ;) -C [0]Larry Wall said it, not me. <g> "Why would burgulars need to look for a backdoor when they can climb in through Windows?" --Norman L DeForest, in NANAE "You know how dumb the average luser is? Well, half of 'em are dumber than that" -- The Roadie, in NANAE
Powered by blists - more mailing lists