LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-17-2007, 02:23 PM   #1
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian,Ubuntu,Slackware
Posts: 479

Rep: Reputation: 48
dhcpcd suid


Hi,

I want to give users the ability to release and renew ip from the dhcp server (my router). I set dhcpcd suid:

chmod u+s /sbin/dhcpcd

This has worked, but does anyone know if this poses a major security risk/problem?

Thanks
 
Old 08-20-2007, 12:11 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
does anyone know if this poses a major security risk/problem
You're introducing a setuid-root binary where it isn't necessary: use sudo instead. Sudo allows you to have an audit trail of who executed what commands and if you don't trust users make sudo execute a wrapper script for the command.
 
Old 08-20-2007, 01:08 PM   #3
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian,Ubuntu,Slackware
Posts: 479

Original Poster
Rep: Reputation: 48
Quote:
Originally Posted by unSpawn View Post
does anyone know if this poses a major security risk/problem
You're introducing a setuid-root binary where it isn't necessary: use sudo instead. Sudo allows you to have an audit trail of who executed what commands and if you don't trust users make sudo execute a wrapper script for the command.
Thanks for the reply. I eventually decided to go with sudo, letting users in group "net" run dhcpcd as root. I don't know what a wrapper script is, but I will look into that as well.
 
Old 08-20-2007, 04:57 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
I don't know what a wrapper script is
It is just what it is: a "wrapper" around a command. Say for instance you allow users access to some command but it requires some basic logic, like first stopping then starting, or making sure the arguments are in the right order, or any arguments you can't get /etc/sudoers to work with, basically any stuff users should not try and fsck up.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SUID in /etc/shadow lqchangba Linux - Security 1 02-20-2007 10:06 AM
Suid? whishkah Linux - Software 5 09-07-2006 02:17 PM
mount suid predrag *BSD 2 09-12-2004 08:01 AM
SUID file drops suid bit on append? c_coder Programming 1 03-12-2004 07:59 AM
suid iptables john8675309 Linux - Software 5 01-26-2004 03:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration