Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!ihnp4!houxm!hropus!jrw
From: jrw@hropus.UUCP (Jim Webb)
Newsgroups: net.unix-wizards
Subject: Re: Which commands (in /bin & /usr/bin) must have set user ID (for root)
Message-ID: <744@hropus.UUCP>
Date: Mon, 20-Oct-86 15:37:09 EDT
Article-I.D.: hropus.744
Posted: Mon Oct 20 15:37:09 1986
Date-Received: Tue, 21-Oct-86 06:47:02 EDT
References: <115@tijc02.UUCP> <735@hropus.UUCP> <32@popeye.UUCP>
Organization: Bell Labs, Holmdel, NJ
Lines: 33

> >Also, /etc does not need to be 775 group sys. Make it 755.
>
> Although /etc does not *need* to be 775 group sys, it makes ps(1) run
> much faster in most cases (see explanation below). I don't know if
> other standard programs make use of this situation, but I don't think
> that it creates a security problem. Unless other programs that are
> setgid sys have shell escapes (I don't know of any) or access to group
> sys is granted indiscriminately, I think that /etc should remain mode
> 775, group sys, as distributed.

I can think of one program off the top of my head that is setgid sys and
has two very exploitable security holes. I would mention it here, but I
am sure that every college student listening in would try it :-).

I guess it is a tradeoff: I can become root on any standard SV machine in
under 60 seconds if /etc is 775 group sys, or ps can run slower if /etc
isn't writable by group sys.

Because of this, I guess ps should be hacked to overwrite /etc/ps_data
instead of unlinking and exclusively re-creat-ing it. Or, make "yet
another" nothing login with NONE as its passwd, so that it is IMPOSSIBLE
for a non-superuser to login or su to the account, make it the owner of
/etc, 755, and make ps setuid to it. You have to keep ps setgid sys,
otherwise you cannot get at /dev/*mem and /dev/swap.

ISN'T SECURITY FUN?
It should be noted to fellow AT&T Bell Labbers that the hole mentioned
above has been closed on most, if not all, 452 CompCenter machines, so
don't waste your time looking at all of the setgid sys programs :-)
-- 
Jim Webb                                   "Out of phase--get help"
...!ihnp4!hropus!jrw                   "Use the Force, Read the Source"
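The post's fix for ps rests on a permission detail worth seeing in code: unlink(2) and creat(2) both modify the directory, so they need write permission on /etc, whereas open(2) with O_TRUNC on an existing file needs write permission only on the file itself and leaves the directory untouched. The program below is an added illustration, not code from Jim Webb or from any System V ps; it builds a scratch directory under /tmp (a hypothetical stand-in for /etc) holding a file named ps_data, locks the directory to mode 0555, and runs the two update strategies against the file. The "recreate" path fails with EACCES while the "overwrite" path succeeds, which is exactly why a ps that overwrites its data file can live with a 755 /etc.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum update_result { UPDATED = 0, NEED_DIR_WRITE = 1, FAILED = 2 };

/* Write the whole string to fd; 0 on success, -1 on error. */
static int write_all(int fd, const char *data) {
    size_t len = strlen(data);
    while (len > 0) {
        ssize_t n = write(fd, data, len);
        if (n <= 0) return -1;
        data += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Strategy 1, the one the post attributes to ps: unlink the data file and
 * creat() it again (O_CREAT|O_EXCL is the "exclusive" re-creation).
 * Both calls change the directory, so the caller needs write permission
 * on the directory, i.e. a 775 group-sys /etc when running setgid sys. */
enum update_result update_by_recreate(const char *path, const char *data) {
    if (unlink(path) == -1)
        return errno == EACCES ? NEED_DIR_WRITE : FAILED;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd == -1)
        return errno == EACCES ? NEED_DIR_WRITE : FAILED;
    int rc = write_all(fd, data);
    close(fd);
    return rc == 0 ? UPDATED : FAILED;
}

/* Strategy 2, the post's suggestion: open the existing file and truncate
 * it. Only write permission on the file is checked; the directory can be
 * 755 and owned by an account nobody can log in as. */
enum update_result update_by_overwrite(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_TRUNC);
    if (fd == -1)
        return errno == EACCES ? NEED_DIR_WRITE : FAILED;
    int rc = write_all(fd, data);
    close(fd);
    return rc == 0 ? UPDATED : FAILED;
}

/* Create a scratch directory (hypothetical stand-in for /etc) with one
 * data file, remove the directory's write bits, run both strategies, and
 * clean up. Returns 1 on success with each strategy's result stored in
 * the out parameters, 0 if the scratch setup itself failed. Note that
 * root ignores directory permission bits, so as root both succeed. */
int run_demo(enum update_result *recreate, enum update_result *overwrite) {
    char dir[] = "/tmp/psdata_demo.XXXXXX";
    if (mkdtemp(dir) == NULL) return 0;
    char path[sizeof dir + 16];
    snprintf(path, sizeof path, "%s/ps_data", dir);

    int fd = open(path, O_WRONLY | O_CREAT, 0644);
    if (fd == -1) { rmdir(dir); return 0; }
    write_all(fd, "old contents\n");   /* constructed sample data */
    close(fd);

    chmod(dir, 0555);                  /* like /etc at 755, seen from group sys */
    *recreate = update_by_recreate(path, "rebuilt by unlink+creat\n");
    *overwrite = update_by_overwrite(path, "rewritten in place\n");
    chmod(dir, 0755);

    unlink(path);
    rmdir(dir);
    return 1;
}

int main(void) {
    static const char *names[] = { "UPDATED", "NEED_DIR_WRITE", "FAILED" };
    enum update_result r = FAILED, o = FAILED;
    if (!run_demo(&r, &o)) {
        perror("scratch setup");
        return 1;
    }
    printf("unlink+creat in 0555 dir: %s\n", names[r]);
    printf("open O_TRUNC in 0555 dir: %s\n", names[o]);
    return 0;
}
```

Run as an ordinary user the first line reports NEED_DIR_WRITE and the second UPDATED. The same asymmetry is what makes a group-writable /etc dangerous: any setgid-sys program that can be coaxed into an unlink or creat on an attacker-chosen path inside /etc is replacing files the system trusts, while a program that only ever opens and truncates its own data file has no such reach.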