lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200312061042.hB6AgmE38762@milan.maths.usyd.edu.au>
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: Partial Solution to SUID Problems

Todd Burroughs <todd@...topia.com> wrote:

> If, by "messing up with them", you mean "turning off the suid bit", that
> cannot decrease security.  If they think otherwise, they do not know
> what they talk about.  Any program that is suid or sgid can either do
> nothing for or decrease your security.  I cannot think of any possible
> way that keeping suid/sgid could increase your security.  There are some
> exceptions if you want to give people partial root access, like 'sudo'.

Sorry, but I have a counter-example (and admit that I was bitten by it):
pt_chown (or chgpt or slvmod or whatever). Some OSs use something like
that to chown or chmod the pty they just allocated. Turning the suid bit
off prevents your pty from being owned by you so you cannot set safe
permissions, and are vulnerable to "echo badcommand > yourpty".

Cheers,

Paul Szabo - psz@...hs.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ