
Re: suid & guid binaries....



Since there was no response to this, I've made a new transcript called gpcc-base-1.2.5.T as an overload to take care of the suid/guid issues on the umce.login servers.

!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!
Allen Bailey
The University of Michigan            |  http://www.umich.edu/~akbailey
ITCS Contract Services/GPCC           |  fax: 734-936-4919
akbailey@xxxxxxxxx                    |  cellphone: 734-355-9332


On Thu, 9 Sep 2004, Allen K. Bailey wrote:


I hope this all makes sense.

There does not seem to be a way to have a transcript simply change the mode bits of a file that is in another transcript's file cache.

Below is a list of binaries with the setuid bit set. This list was created by Adam Herscher <ahersche@xxxxxxxxx> per Andrew Inman's request. Would it be ok to remove the suid & guid bits on the following files and then make the change in the appropriate transcript?

If it is not ok to change the mode of these files then is there a server side solution to this issue? These are not desired solutions:

-Simply reset the modes in an overload which works on the client but then
 the transcript won't lcksum on the server (sixthday) because the file
 doesn't exist in the overload.

-Copying the files to the overload transcript but that creates a fork of
 binaries.

-A hard link could be created to the originating transcript file cache
 binaries in overloaded transcript file cache but any time the real file
 changes all transcripts containing the hard linked file need to have
 their checksum changed.

---- suid & guid binaries listing

/bin/mount
/bin/ping
/bin/su
/bin/umount
/sbin/unix_chkpwd
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/gpasswd
/usr/bin/chage
/usr/bin/procmail
/usr/bin/chfn
/usr/bin/lppasswd
/usr/bin/passwd
/usr/bin/newgrp
/usr/bin/pt_chown
/usr/bin/at
/usr/bin/expiry
/usr/libexec/ssh-keysign
/usr/local/krb5/bin/ksu
/usr/local/krb5/bin/v4rcp
/usr/local/kde/bin/fileshareset
/usr/local/kde/bin/kcheckpass
/usr/local/kde/bin/kgrantpty
/usr/local/kde/bin/kpac_dhcp_helper
/usr/local/mit-k5-1.3.4/bin/ksu
/usr/local/mit-k5-1.3.4/bin/v4rcp
/usr/sbin/ssh-keysign
/usr/sbin/mtr
/usr/sbin/rscsi
/usr/sbin/sendmail
/usr/sbin/traceroute
/usr/X11R6/bin/XFree86
/usr/X11R6/bin/xterm

According to Adam Herscher, Chris Wing over at CAEN (wingc@xxxxxxxxx) has said they've removed the suid bit from all but the following binaries on their Linux login systems without problem:

	/usr/bin/newgrp
	/bin/su
	/bin/ping
	/sbin/unix_chkpwd	[ part of PAM, this checks shadow
				passwords for non-root apps. It could
				probably be disabled since we use
				Kerberos ]

We should probably do the same. Otherwise, security vulnerabilities in individual packages become root exploits.

Same goes for setgid binaries:

/usr/bin/write
/usr/bin/procmail
/usr/bin/lockfile
/usr/local/kde/bin/kdesud
/usr/local/nmh/bin/inc

Thoughts or comments?

!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!
Allen Bailey
The University of Michigan            |  http://www.umich.edu/~akbailey
ITCS Contract Services/GPCC           |  fax: 734-936-4919
akbailey@xxxxxxxxx                    |  cellphone: 734-355-9332
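
An added example, not part of the original messages or of radmind itself: a check that scans transcript lines for regular files that still carry setuid or setgid bits, excusing setuid only on the four binaries the message says CAEN kept. It assumes file entries have the form `f path mode uid gid mtime size cksum` with an octal mode; the sample lines, sizes and checksums are constructed.

```python
import stat

# Binaries the message says CAEN kept setuid on its Linux login systems.
KEEP_SETUID = {"/usr/bin/newgrp", "/bin/su", "/bin/ping", "/sbin/unix_chkpwd"}

# Constructed sample transcript (assumed format; sizes, times, checksums are fake).
SAMPLE = """\
d ./usr/local/share 2755 0 0
f ./bin/su 4755 0 0 1094700000 23416 CONSTRUCTED=
f ./bin/mount 4755 0 0 1094700000 68508 CONSTRUCTED=
f ./bin/ls 0755 0 0 1094700000 67668 CONSTRUCTED=
f ./usr/bin/write 2755 0 5 1094700000 8692 CONSTRUCTED=
f ./usr/bin/procmail 6755 0 8 1094700000 91208 CONSTRUCTED=
""".splitlines()


def absolute(path):
    """Transcripts may store paths relative to the root ('./bin/su')."""
    if path.startswith("./"):
        return path[1:]
    return path if path.startswith("/") else "/" + path


def audit_transcript(lines, keep_setuid=KEEP_SETUID):
    """Return (path, mode, bits) for each file entry with unwanted setuid/setgid."""
    findings = []
    for raw in lines:
        fields = raw.split()
        # Only regular files matter; a setgid directory is not an executable.
        if len(fields) < 3 or fields[0] != "f":
            continue
        try:
            mode = int(fields[2], 8)
        except ValueError:
            continue  # not a mode field, skip the malformed line
        path = absolute(fields[1])
        bits = []
        if mode & stat.S_ISUID and path not in keep_setuid:
            bits.append("setuid")
        if mode & stat.S_ISGID:
            bits.append("setgid")
        if bits:
            findings.append((path, fields[2], bits))
    return findings


if __name__ == "__main__":
    for path, mode, bits in audit_transcript(SAMPLE):
        print(f"{path}\t{mode}\t{'+'.join(bits)}")
```

Run against the combined base and overload transcripts, an empty result means no setuid or setgid file outside the keep list would be installed on the clients.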