Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
With security on my mind I searched my box for files with permissions +6000, and got many results. Now I need help to determine which ones actually need setuid/setgid.
These are the files I got:
I'm the only one using this computer, so I could probably su into root, on some of the files, when I need them. Is it better(=securer) to execute files as root than to have setuid or setgid permissions?
Some of those need SUID ('su' for example - how can it work otherwise?) while many have SUID as a matter of convenience. For the 'convenient' group, some of those are genuinely useful at times, though not absolutely necessary, but most of them seem to have SUID just to be a nuisance - there is no reason for SUID and in fact it is an extremely bad idea. One obvious example: kppp - there is absolutely no valid reason to make it SUID.
Thats presuming you are happy to run such as ping as root. Which will require that you su, but since this is still suid it shouldnt pose a problem.
Quote:
but most of them seem to have SUID just to be a nuisance
Don't really agree, such as ping and traceroute might be useful to normal users, if you run a multiuser system, these require root access for raw sockets.
The first thing I'd do actually has *nothing* to do with setuid or setgid (together: setXid): check that what packages you have installed are that the packages are the ones you use now (versus "small chance they might eventually come in handy once in a gazillion years"). For instance I see utilities related to IPv6, UUCP, NNTP and R.*services. If you don't use or need to provide those then removing them means less vulnerabilities to track, less packages to update, less applications to configure. In your case you can skip aprox ten from your initial list.
Quote:
Originally Posted by jenhu
I'm the only one using this computer, so I could probably su into root, on some of the files, when I need them. Is it better(=securer) to execute files as root than to have setuid or setgid permissions?
The problem with setXid binaries is that they allow others to perform tasks which require root rights. Way old setXid exploit example: in Slackware, running a 2.4 kernel, there existed a ptrace vulnerability where 'su' could be abused to execute shellcode allowing for elevated rights for all that could execute 'su' (an added bonus there for Slackware not having compiled 'su' against PAM so the same binary couldn't be used as point of entry in other distributions).
To determine how to deal with an application you need to know if you are required to have it installed at all and who or what should be able to access it. (In essence this should not only take into account the discretionary access rights but all aspects of host hardening.) You can reduce risks by 0) removing unnecessary (uu.*, rs.*) packages (which is a good thing even where no setuid issues are concerned), 1) others can be used without setuid root bit (Pinnipeds kpp example, because this is a single user machine also see write, wall, ch.*, ), 2) you can remove the setuid or setgid root bit on others (in combination with a /etc/sudoers entry). In some of those cases you can 3) adjust access rights and take away the rights for "other", in other cases you 4) could only allow root and a local group access to it (fusermount for instance). 5) There will always remain a group that you should deal with carefully because they are not (supposed to be) accessed by human users, only by daemon processes (for example procmail, lockfile) or through other means (for example pt_chown). Since GNU/Linux is flexible there's nothing keeping you from experimenting: just record the access rights, change, use and restore if it doesn't work out. (Probably also should have added something about how behaviour possibly changes when executed setXid and not). Anyway, for more see the LQ FAQ: Security references (currently being revised by Aus9 and me) and the Slackware forum (lotsa hints and docs in them stickies).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.