Findsuid source (Re: Security and set[ug]id shell scripts)
David Sherman
dave at lsuc.UUCP
Fri Jan 25 05:30:22 AEST 1985
Of course, it's fine to have a "findsuid" program that runs from
crontab and informs you if there are setUID programs not in the
"stop" list, but anyone who can become root can do some obvious
things:
- patch the findsuid program with some subtle bug
(like introducing a non-printing char which will
make a test fail), so it silently stops being useful
- edit the stop list to include their own pet Trojan horses
(so you had better examine the stop list manually occasionally)
- modify any of the programs on the stop list so that when
called with a particular sequence, they give that person
a root shell.
Moral: once someone becomes root on a machine, if they really want
to keep the capability they can, unless you recompile all the system
source from a tape.
--
{utzoo pesnta nrcaero utcs}!lsuc!dave
{allegra decvax ihnp4 linus}!utcsrgv!lsuc!dave
More information about the Comp.unix.wizards
mailing list