Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ihnp4!ptsfa!lll-lcc!styx!ames!rutgers!husc6!necntc!adelie!cdx39!jc From: jc@cdx39.UUCP Newsgroups: comp.sources.d Subject: Re: Another kind of su program Message-ID: <656@cdx39.UUCP> Date: Thu, 12-Feb-87 11:23:36 EST Article-I.D.: cdx39.656 Posted: Thu Feb 12 11:23:36 1987 Date-Received: Sat, 14-Feb-87 18:49:26 EST References: <4055@caip.RUTGERS.EDU> <912@aicchi.UUCP> <288@acornrc.UUCP> <9150@topaz.RUTGERS.EDU> Organization: Codex Corp, a division of Motorola; Canton, MA, USA Lines: 41 Keywords: su, system security Summary: setuid or setuid root? > >to sweep the entire disk for setuid root programs every time a user was > > Careful system administrators use "find" to look at all setuid and > setgid programs on a regular basis. This pairing is a nice illustration of something I've found to be a problem on a lot of systems. Many security discussions include warnings about "setuid" programs being inherent security risks, when the warning should be that "setuid root" programs are risky. It is certainly understandable that people try to save words, but this particular shorthand has a rather undesirable effect. There are a lot of sysadmins that take such warnings at face value, and hunt down all setuid (to non-root ids) programs on their systems, harassing their owners until they are changed. The result is often a real decrease in system security. The fact is that programs that are setuid to non-super-users are very useful for increasing system security. This is done by uucp, for instance, and it reasonably effective. The recent 'append' program in net.sources is a nice example of a setuid program that can significantly improve system security while increasing sharing among its users. But asserting that all setuid programs are security risks and must be eliminated is not helpful. This newsgroup is probably not the right one for a discussion of security topics. When do we get a comp.security newsgroup? And maybe a comp.security.usg, comp.security.bsd, comp.security.vms, comp.security.ibm-pc (:-) and so on? Anyone wanna set one up? Or has this one been discussed to death already? [I would, but I'm in the middle of a job switch right now, so it's not a very opportune moment.] -- John M Chambers Phone: 617/364-2000x7304 Email: ...{adelie,bu-cs,harvax,inmet,mcsbos,mit-eddie,mot[bos]}!cdx39!{jc,news,root,usenet,uucp} Smail: Codex Corporation; Mailstop C1-30; 20 Cabot Blvd; Mansfield MA 02048-1193 Clever-Saying: Uucp me out of here, Scotty; there's no AI on this node!