[wellylug] basic file security

Gordon Paynter paynter at library.ucr.edu
Wed Jun 30 14:43:56 NZST 2004


> Doing a
> root# find /usr -type f  -perm +6000 -ls
> gives me a freaking list of binaries.

How big is a "freaking" list?  This command gets me about 30 files on a
Debian box.  In several cases, I can remember being asked if I wanted them
installed setuid root or not (e.g. xcdroast).


> Now  I can always modify some permissions but what is the risk of locking
> up the system for good ????
> Any advice on the minimum of these files I should leave or remove?

It probably wouldn't matter as much as you might think to remove the
setuid.  Most of your critical system services are probably already run as
root, so it is only programs run by users that would be affected. 
Programs run as users are unlikely to "lock up the system".

The catch is that there may be services which root runs as user nobody (or
daemon, or www-data, etc) with setuid root in effect.  This is done for
security reasons.  You could remove the setuid root from the executables,
but then you'd have to run the services as root, which opens up a whole
new nest of potential vulnerabilities.


Anyway, assuming all the files have been installed by a modern
package-based Linux distribution, my advice is to leave them alone, but if
you're really not happy about a particular file, then delete or
reconfigure its package.

Gordon

Disclaimer: I'm not a security expert.
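
[Added example, not part of the original message.] A sketch of the audit discussed in this thread: list setuid/setgid files under a tree and show which package owns each one, so a decision can be made per package. It assumes GNU find and, for the package lookup, Debian's dpkg; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: names list_suid, owning_package, audit_suid are illustrative.

# list_suid DIR: print "MODE OWNER PATH" for every regular file under DIR
# that has the setuid (4000) or setgid (2000) bit set.
# "-perm /6000" is the current GNU find spelling of the older "-perm +6000".
list_suid() {
    find "$1" -xdev -type f -perm /6000 -printf '%m %u %p\n' 2>/dev/null |
        sort -k3
}

# owning_package PATH: print the Debian package that ships PATH, or
# UNPACKAGED when dpkg is absent or knows nothing about the file.
owning_package() {
    pkg=""
    if command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$1" 2>/dev/null | head -n 1 | cut -d: -f1)
    fi
    echo "${pkg:-UNPACKAGED}"
}

# audit_suid DIR: one tab-separated line per file:
#   kind  mode  owner  package  path
audit_suid() {
    list_suid "$1" | while read -r mode owner path; do
        case "$mode" in
            [67]???) kind="setuid+setgid" ;;
            [45]???) kind="setuid" ;;
            [23]???) kind="setgid" ;;
            *)       kind="unknown" ;;
        esac
        printf '%s\t%s\t%s\t%s\t%s\n' \
            "$kind" "$mode" "$owner" "$(owning_package "$path")" "$path"
    done
}

# Run the audit only when a directory is given, e.g.:  sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    audit_suid "$1"
fi
```

Files reported as UNPACKAGED were not installed by the package manager and are the ones worth looking at first.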



