| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031208114802.GS1767@skywalker.bsws.de> From: hb-fulldisclosure at bsws.de (Henning Brauer) Subject: Partial Solution to SUID Problems On Sun, Dec 07, 2003 at 03:48:03PM +0100, Markus Friedl wrote: > > On a server that you have shell access, you probably really need to add > > 'passwd' to the 'suid partitiion'. You may need some other things, > > on some of our servers, I have 'ping' as well. > it's not really necessary to have passwd setuid. actually, I wasn't so much after passwd, this was just an example. the same rule applies for all more or less shared ressources where the individual users needs write access to under special constraints, but not generally - like with passwd, normal users should not have write access in general, but need for changing their passwords, thus a setuid passwd. This case can be worked around, others probably too, some probably not. the point was that a setuid or setgid binary in this case increases security over having write access for everyone. same rules apply for ressources where the ordinary user must not have read access except for the special cases. -- Henning Brauer, BS Web Services, http://bsws.de hb@...s.de - henning@...nbsd.org Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Powered by blists - more mailing lists