LinuxQuestions.org
Old 10-08-2006, 05:27 PM   #1
hank43
Member
 
Registered: Nov 2003
Distribution: centos 4.4
Posts: 94

Rep: Reputation: 15
which suid sgid to unset?


I've read I should unset the suid and sgid bits on binaries that do not need them. They gave the commands to find the files, but no information on which ones need the suid bit set. Here is my list; which files should have the suid removed? The machine is acting as a web server.

trimmed output of
find / -perm -4000 -ls

/sbin/unix_chkpwd
/sbin/pam_timestamp_check
/sbin/pwdb_chkpwd
/bin/su
/bin/ping
/bin/traceroute
/bin/ping6
/bin/traceroute6
/bin/mount
/bin/umount
/usr/kerberos/bin/ksu
/usr/libexec/openssh/ssh-keysign
/usr/sbin/usernetctl
/usr/sbin/userhelper
/usr/bin/sg
/usr/bin/sudo
/usr/bin/chfn
/usr/bin/passwd
/usr/bin/newgrp
/usr/bin/chage
/usr/bin/gpasswd
/usr/bin/crontab
/usr/bin/chsh

Here for the sgid:
find / -perm -2000 -ls
root root 11379 Aug 13 01:10 /sbin/netreport
root postdrop 148596 Aug 12 15:07 /usr/sbin/postqueue
root lock 15372 Apr 4 2006 /usr/sbin/lockdev
root postdrop 132200 Aug 12 15:07 /usr/sbin/postdrop
root tty 10124 Aug 12 12:33 /usr/bin/write
root slocate 38548 Aug 21 2005 /usr/bin/slocate
root tty 9752 Aug 21 2005 /usr/bin/wall
root mail 14636 Feb 21 2005 /usr/bin/lockfile
 
Old 10-09-2006, 02:46 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
This isn't quite what you asked but I think you are implying it. If you want to learn about hardening a system, I would suggest you look into the Bastille hardening program. This program steps you through various things you might want to consider (including unsetting setuid/setgid bits on some software, IIRC) to harden your system. Its objective is as much to educate the sysadmin as to actually lock down the system. That is because they view a knowledgeable sysadmin as an essential part of security.

As far as the list you posted, of the programs I recognized, most of them probably need the mentioned bit set if a normal user is to be able to use that program. So the question would be, which of those programs do you think you could do w/o, at least as a normal user? (Ping and traceroute strike me as possible candidates.)
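The two find commands in this thread can be turned into a repeatable check against a list of binaries the admin has decided should keep their bit. This is an added example, not posted by either participant; the names audit_special_bits, demo_audit and keep.list are hypothetical, and the demo tree is constructed with empty files rather than real binaries.

```shell
#!/bin/sh
# audit_special_bits ROOT KEEPLIST
#   ROOT     - directory to scan (use / on a real host)
#   KEEPLIST - one absolute path per line that should keep its bit;
#              lines starting with # are treated as comments
# Prints "suid PATH", "sgid PATH" or "suid+sgid PATH" for every
# regular file that has a special bit and is NOT on the keep-list.
audit_special_bits() {
    root=$1
    keep=$2
    # Same permission tests as the thread's two find commands, combined.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # Exact, whole-line match so /bin/su does not also match /bin/sudo.
        if grep -v '^#' "$keep" | grep -Fxq -- "$path"; then
            continue
        fi
        if [ -u "$path" ] && [ -g "$path" ]; then
            kind="suid+sgid"
        elif [ -u "$path" ]; then
            kind="suid"
        else
            kind="sgid"
        fi
        printf '%s %s\n' "$kind" "$path"
    done
}

# Constructed demo: a throwaway tree with empty files named after a few
# entries from the thread's listing. su is on the keep-list, so only
# ping and write are reported for review.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/bin"
    for f in bin/su bin/ping usr/bin/write usr/bin/ls; do : > "$d/$f"; done
    chmod 4755 "$d/bin/su" "$d/bin/ping"
    chmod 2755 "$d/usr/bin/write"
    chmod 0755 "$d/usr/bin/ls"
    printf '# kept: admins need su\n%s\n' "$d/bin/su" > "$d/keep.list"
    audit_special_bits "$d" "$d/keep.list" | sed "s|$d||"
    rm -rf "$d"
}
```

On a real host, run `audit_special_bits / /path/to/keep.list` as root and review each reported path before removing a bit with `chmod u-s` or `chmod g-s`.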
 
  

