Findsuid source (Re: Security an
jab at uokvax.UUCP
jab at uokvax.UUCP
Mon Feb 4 11:07:00 AEST 1985
/***** uokvax:net.unix-wizar / emks / 3:45 pm Jan 29, 1985 */
Another problem with having a find-suid-programs program that runs based
on crontab entries is that anyone can see when the find-suid-programs
program is going to run next, and make their moves on that basis.
Perhaps /usr/lib/crontab should be mode 600... But then one could always
check the last access time of the program, or look up the per-proc accounting.
/* ---------- */
There is a good argument for locking the "per process accounting" records,
since it was NONE OF YOUR BUSINESS what programs I run.
Any findsuid program needs to notice the MODIFICATION time of any of the
"permitted" files and report recently-changed binaries. There might also
be a good argument for disallowing setuid/setgid (for system ids) files
on non-system disks: this is a quick HACK to exec(2).
(Please don't flame the above suggestion as "non-portable": of course it's
not portable, but you change YOUR copy of the system to meet YOUR needs.)
Jeff Bowles
Lisle, IL
More information about the Comp.unix.wizards
mailing list