Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site lsuc.UUCP
Path: utzoo!lsuc!dave
From: dave@lsuc.UUCP (David Sherman)
Newsgroups: net.unix-wizards
Subject: Re: Findsuid source (Re: Security and set[ug]id shell scripts)
Message-ID: <327@lsuc.UUCP>
Date: Thu, 24-Jan-85 14:30:22 EST
Article-I.D.: lsuc.327
Posted: Thu Jan 24 14:30:22 1985
Date-Received: Thu, 24-Jan-85 15:05:55 EST
References: <323@sdchema.UUCP> <647@ut-sally.UUCP>
Reply-To: dave@lsuc.UUCP (David Sherman)
Organization: Law Society of Upper Canada, Toronto
Lines: 18
Summary: make sure you check the stop list periodically!

Of course, it's fine to have a "findsuid" program that runs from
crontab and informs you if there are setUID programs not in the
"stop" list, but anyone who can become root can do some obvious things:

- patch the findsuid program with some subtle bug (like introducing
  a non-printing char which will make a test fail), so it silently
  stops being useful
- edit the stop list to include their own pet Trojan horses
  (so you had better examine the stop list manually occasionally)
- modify any of the programs on the stop list so that when called
  with a particular sequence, they give that person a root shell.

Moral: once someone becomes root on a machine, if they really want
to keep the capability they can, unless you recompile all the system
source from a tape.

--
{utzoo pesnta nrcaero utcs}!lsuc!dave
{allegra decvax ihnp4 linus}!utcsrgv!lsuc!dave
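
A findsuid-style check along the lines the post describes, as an added example that is neither the findsuid source under discussion nor the poster's code: it reports set-UID/set-GID files missing from the stop list, listed files whose contents have changed, and list lines carrying non-printing bytes. The stop-list format (SHA-256 digest plus path) and the names `audit_suid` and `digest` are assumptions.

```shell
#!/bin/sh
# findsuid-style audit, added example. Assumed stop-list format, one entry
# per line, as written by:
#   find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sha256sum {} +
# i.e. "<sha256 hex><two spaces><absolute path>".

digest() {    # print the SHA-256 of file $1 as hex
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# audit_suid ROOT STOPLIST: print one finding per line, return 1 if any.
audit_suid() {
    root=$1; list=$2
    findings=$(
        # A control or non-ASCII byte hidden in an entry makes its comparison
        # fail without any visible difference when the list is read by eye.
        LC_ALL=C awk '/[^ -~]/ { print "BADLIST line " NR }' "$list"
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        while IFS= read -r f; do
            # Exact match on digest and path: listed and unmodified.
            grep -qFx -- "$(digest "$f")  $f" "$list" && continue
            if P=$f awk '{ i = index($0, "  ") }
                         i && substr($0, i + 2) == ENVIRON["P"] { hit = 1 }
                         END { exit !hit }' "$list"
            then echo "CHANGED $f"     # on the list, contents differ
            else echo "UNLISTED $f"    # set-UID/set-GID but not on the list
            fi
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

if [ "$#" -eq 2 ]; then audit_suid "$1" "$2"; fi
```

Run on the audited machine, this script, the tools it calls and the stop list are all exposed to the tampering the post lists, so its output is only as trustworthy as those files.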