Which commands (in /bin & /usr/bin) must have set user ID (for root)
Jim Webb
jrw at hropus.UUCP
Tue Oct 21 03:07:25 AEST 1986
This is not the beginning of a shouting match...
> What surprised me about the list Jim replied with was that most of the
> commands were -rws......! Why should a setuid command *ever* be
> writeable? - it's just *inviting* attempts to find a bug and convince
> the command to write over itself.
First off, root can overwrite any file regardless of perms, yes/no? Second,
ever see "error: text busy" ? You cannot remove or write over a file that
is running somewhere on the system (or, to be picky, has the sticky bit set
and has been run).
> Are there any commands that actually depend on this?
Self modifying code, perhaps :-)
> >-rwsr-xr-x 1 root sys 47197 Oct 20 1985 at
> >-rwsr-xr-x 1 root sys 25093 Nov 5 1983 crontab
> >at needs to talk to cron in a very specific manner.
> I would expect you could write a good cron without setuid, since
> /etc/cron runs as root? Likewise "at", since it's the other side of cron?
at and crontab need to yell down /usr/lib/cron/FIFO to talk with cron.
I suppose you could make these commands setgid to some unique group and
make this pipe writable only by that group.
> What irks me more, though, is that the "lp" commands all run setuid-lp
> setgid-bin; this means that in a directory which lp can't access (e.g. 700),
> lp foo
> fails, though
> lp <foo
Then make lp suid root :-)
--
Jim Webb "Out of phase--get help" ...!ihnp4!hropus!jrw
"Use the Force, Read the Source"
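
The point argued in this thread, setuid commands listed as -rws (owner-writable), can be checked with a short audit. The script below is an added example, not part of the original post: it classifies setuid files by the write bits in their ls mode string. The label names and the sample file tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit setuid files and
# report who may write to them, reading the same ls mode strings quoted above.

# classify_mode MODE -> label for a 10-character ls mode such as -rwsr-xr-x.
# The labels are this example's own naming.
classify_mode() {
    case $1 in
        ???[sS]*) ;;                         # 4th char s/S: setuid bit is set
        *) echo not-setuid; return 0 ;;
    esac
    case $1 in
        ????????w*) echo world-writable ;;   # 9th char: write for others
        ?????w*)    echo group-writable ;;   # 6th char: write for group
        ??w*)       echo owner-writable ;;   # 3rd char: write for owner
        *)          echo read-only ;;
    esac
}

# audit_setuid DIR... -> one line per setuid regular file: label, mode, path.
audit_setuid() {
    find "$@" -type f -perm -4000 -print | while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -c1-10)
        printf '%s %s %s\n' "$(classify_mode "$mode")" "$mode" "$f"
    done
}

# make_sample_tree DIR -> constructed files standing in for /bin entries.
make_sample_tree() {
    for spec in 4755:at 4555:crontab 4775:lp 0755:ls; do
        : > "$1/${spec#*:}"
        chmod "${spec%%:*}" "$1/${spec#*:}"
    done
}

# With arguments, audit those directories (e.g. /bin /usr/bin);
# with none, run against the constructed sample tree.
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
else
    tmp=$(mktemp -d) && make_sample_tree "$tmp" && audit_setuid "$tmp"
    rm -rf "$tmp"
fi
```

Entries reported as group-writable or world-writable are the ones to look at first; owner-writable matters when the owning account is one an unprivileged user could reach.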