Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Henning Brauer <hb-fulldisclosure () bsws de>
Date: Sat, 6 Dec 2003 13:19:40 +0100
On Sat, Dec 06, 2003 at 02:53:58AM -0500, Todd Burroughs wrote:
> If, by "messing up with them", you mean "turning off the suid bit", that cannot decrease security. If they think otherwise, they do not know what they talk about. Any program that is suid or sgid can either do nothing for or decrease your security. I cannot think of any possible way that keeping suid/sgid could increase your security. There are some exceptions if you want to give people partial root access, like 'sudo'.

please explain how a user should be able to change his password without a setuid passwd. write access to /etc/spwd.db and pwd.db for everybody...?

--
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
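
The exchange above turns on which setuid programs must keep the bit (passwd, to update the password database) and which can lose it. As an added example that is not part of the original message, here is a read-only audit that lists setuid/setgid files and marks each one against an allowlist; the function name `classify_suid` and the default allowlist paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inventory setuid/setgid files and
# separate the ones that must stay privileged from candidates for
# `chmod ug-s`. The script only reports; it never changes a mode.

# Assumed allowlist: full paths of programs that need the bit to work,
# such as passwd (writes the password database) and sudo.
SUID_ALLOWLIST=${SUID_ALLOWLIST:-"/usr/bin/passwd /usr/bin/sudo"}

# classify_suid DIR
# Prints one line per setuid/setgid regular file below DIR:
#   KEEP|REVIEW  suid|sgid|suid+sgid  path
# Paths are matched against the allowlist exactly, so a setuid copy of
# passwd in an unexpected directory is still flagged for review.
classify_suid() {
    dir=$1
    # -xdev keeps the scan on one filesystem; -perm -4000 / -2000 match
    # the setuid and setgid bits respectively.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    sort |
    while IFS= read -r path; do
        kind=
        if [ -u "$path" ]; then kind=suid; fi
        if [ -g "$path" ]; then kind=${kind:+$kind+}sgid; fi
        case " $SUID_ALLOWLIST " in
            *" $path "*) verdict=KEEP ;;
            *)           verdict=REVIEW ;;
        esac
        printf '%s %s %s\n' "$verdict" "$kind" "$path"
    done
}

# Typical use on a live system (run as root so every directory is readable):
#   classify_suid /
```

Lines marked REVIEW are the ones to examine before removing the bit; an allowlisted path that is missing from the output means that program has already lost it.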