Bugtraq mailing list archives
More HP vulnerabilities?
From: cons () mail cern ch (Lionel Cons)
Date: Thu, 3 Oct 1996 11:57:45 +0200
Following the latest mails about sysdiag or other components of HP-UX, I searched all the setuid programs on a recently installed HP-UX 10.10 system. You'll find the complete list below my signature. Why so many sysadmin programs are setuid root? I don't want "normal" users to manipulate volume groups (vg*), logical volumes (lv*), install software on the machine (sw*), play with the network (nfsstat, lanadmin, lanscan...)... Why is lp is setuid root while other printer commands are setuid lp? Why is fpkg2swpkg (a program to translate files) setuid root? It seems that a HUGE cleanup of setuid programs is needed... _____________________________________________ Lionel Cons http://wwwcn.cern.ch/~cons CERN http://www.cern.ch # find /bin /sbin /usr/bin /usr/sbin -perm -04000 -exec ll {} \; -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvcreate -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgcreate -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvcreate -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgcfgbackup -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvchange -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvdisplay -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvextend -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvlnboot -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvreduce -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvremove -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/lvrmboot -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvchange -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvdisplay -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/pvmove -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgcfgrestore -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgchange -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgdisplay -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgexport -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgextend -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgimport -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgreduce -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgremove -r-sr-xr-x 23 root sys 569344 May 7 20:27 /sbin/vgscan -r-sr-xr-x 1 root bin 495616 Feb 23 1996 /sbin/passwd -r-sr-xr-x 1 root bin 315392 Feb 23 1996 /sbin/shutdown -r-sr-xr-x 1 root bin 49152 Feb 23 1996 /usr/bin/mediainit -r-sr-xr-x 1 root bin 20480 Feb 23 1996 /usr/bin/bdf -r-sr-xr-x 1 root bin 28672 Nov 6 1995 /usr/bin/rcp -r-sr-xr-x 1 root bin 20480 Nov 6 1995 /usr/bin/nfsstat -r-sr-xr-x 1 root bin 40960 Mar 15 1996 /usr/bin/at -r-sr-xr-x 1 root bin 20480 Feb 23 1996 /usr/bin/crontab -r-sr-sr-x 2 root mail 36864 Feb 23 1996 /usr/bin/mail -r-sr-sr-x 2 root mail 36864 Feb 23 1996 /usr/bin/rmail -r-sr-xr-x 1 root bin 16384 Feb 23 1996 /usr/bin/chfn -r-sr-xr-x 1 root bin 16384 Feb 23 1996 /usr/bin/chsh -r-sr-xr-x 1 root bin 12288 Feb 23 1996 /usr/bin/newgrp -r-sr-xr-x 1 root bin 24576 Feb 23 1996 /usr/bin/dcnodes -r-sr-xr-x 1 root bin 45056 Jan 3 1996 /usr/bin/df -r-sr-xr-x 1 root bin 102400 Feb 23 1996 /usr/bin/passwd -r-sr-xr-x 1 root bin 20480 Feb 23 1996 /usr/bin/su -r-sr-xr-x 1 root bin 73728 Nov 6 1995 /usr/bin/ppl -r-sr-xr-x 1 root bin 65536 May 2 00:33 /usr/bin/rdist -r-sr-xr-x 1 root bin 16384 Mar 15 1996 /usr/bin/remsh -r-sr-xr-x 1 root bin 24576 Nov 6 1995 /usr/bin/rlogin -r-sr-xr-x 1 root bin 16384 Nov 6 1995 /usr/bin/rexec -r-sr-sr-x 1 root sys 233472 Nov 18 1995 /usr/bin/X11/hpterm -r-sr-xr-x 1 root bin 221184 Nov 18 1995 /usr/bin/X11/xterm lr-sr-xr-t 1 root sys 31 Sep 9 11:29 /usr/bin/X11/gwind -> /opt/graphics/common/lbin/gwind -r-sr-xr-x 1 lp bin 32768 Nov 6 1995 /usr/bin/cancel -r-sr-xr-x 1 lp bin 20480 Nov 6 1995 /usr/bin/disable -r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/bin/enable -r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/bin/lp -r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/bin/lpalt -r-sr-xr-x 1 lp bin 36864 Nov 6 1995 /usr/bin/lpstat -r-sr-xr-x 1 lp bin 12288 Nov 6 1995 /usr/bin/slp -r-sr-xr-x 1 root bin 45056 Nov 6 1995 /usr/bin/ct -r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/bin/cu -r-sr-sr-x 1 bin daemon 499712 Nov 6 1995 /usr/bin/kermit lr-sr-xr-t 1 root sys 17 Sep 9 11:29 /usr/bin/landiag -> /usr/sbin/landiag -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swinstall -r-sr-xr-x 2 root bin 733184 Nov 16 1995 /usr/sbin/swpackage -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swacl -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swconfig -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swcopy -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swlist -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swremove -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swverify -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swreg -r-sr-xr-x 2 root bin 733184 Nov 16 1995 /usr/sbin/swmodify -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvchange -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvcreate -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvdisplay -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvextend -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvlnboot -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvreduce -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvremove -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/lvrmboot -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvchange -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvcreate -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvdisplay -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/pvmove -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgcfgbackup -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgcfgrestore -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgchange -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgcreate -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgdisplay -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgexport -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgextend -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgimport -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgreduce -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgscan -r-sr-xr-x 23 root sys 352256 May 7 20:27 /usr/sbin/vgremove -r-sr-xr-x 1 root bin 12288 Nov 6 1995 /usr/sbin/vhe/vhe_u_mnt -r-sr-xr-x 1 root bin 12288 Nov 6 1995 /usr/sbin/acct/accton -r-sr-xr-x 1 root bin 12288 Nov 6 1995 /usr/sbin/keyenvoy -r-sr-xr-x 1 root sys 53248 Mar 27 1996 /usr/sbin/lanadmin -r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/sbin/lanscan -r-sr-xr-x 1 root sys 36864 Mar 27 1996 /usr/sbin/linkloop -r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/sbin/landiag -r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/sbin/arp -r-sr-xr-x 1 root bin 24576 Nov 6 1995 /usr/sbin/ping -r-sr-sr-x 1 root mail 176128 Apr 4 00:39 /usr/sbin/sendmail -r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/sbin/accept -r-sr-xr-x 1 root bin 36864 Nov 6 1995 /usr/sbin/lpadmin -r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/sbin/lpfence -r-sr-xr-x 1 lp bin 20480 Nov 6 1995 /usr/sbin/lpmove -r-sr-xr-x 1 root bin 45056 Nov 6 1995 /usr/sbin/lpsched -r-sr-xr-x 1 lp bin 12288 Nov 6 1995 /usr/sbin/lpshut -r-sr-xr-x 1 root bin 24576 Nov 6 1995 /usr/sbin/rcancel -r-sr-xr-x 1 lp bin 16384 Nov 6 1995 /usr/sbin/reject -r-sr-xr-- 1 root lp 24576 Nov 6 1995 /usr/sbin/rlp -r-sr-xr-x 1 root bin 53248 Nov 6 1995 /usr/sbin/rlpdaemon -r-sr-xr-x 1 root bin 32768 Nov 6 1995 /usr/sbin/rlpstat -r-sr-xr-x 1 root bin 446464 Nov 9 1995 /usr/sbin/diag/DUI -r-sr-xr-x 1 root bin 57344 Nov 16 1995 /usr/sbin/fpkg2swpkg -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/sd -r-sr-xr-x 10 root bin 1470464 Nov 16 1995 /usr/sbin/swjob -r-sr-xr-x 1 root bin 19 Nov 9 1995 /usr/sbin/sysdiag -r-sr-xr-x 1 root bin 61440 Nov 9 1995 /usr/sbin/suplicen
Current thread:
- TCP SYN attack possible SOLUTION: FW-1 Saqib A. Khan (Oct 02)
- Re: TCP SYN attack possible SOLUTION: FW-1 Doctor Who (Oct 02)
- BoS: ANNOUNCE: Livermore Solution for SYN FLOOD firstcat () lsli com (Oct 02)
- Re: BoS: ANNOUNCE: Livermore Solution for SYN FLOOD Perry E. Metzger (Oct 03)
- More HP vulnerabilities? Lionel Cons (Oct 03)