Bugtraq mailing list archives

Re: rdist exploit [bsdi]


From: taob () io org (Brian Tao)
Date: Sun, 14 Jul 1996 10:33:14 -0400


On Sat, 13 Jul 1996, Andrew N. Edmond wrote:

chflags noschg /usr/bin/rdist    # must take off immutable flag!
chmod 000 /usr/bin/rdist         # wipe all functionality from this prog

    This is a good policy to follow in any case.  Make a list of all
setuid and setgid binaries and determine if they really need those
bits turned on.  The default FreeBSD distribution ships with close to
60 setuid binaries.  You can get away with a dozen or less on most
systems.  If it weren't for the r* commands and sendmail, my shell
servers would only need 4 setuid root binaries (ping, lock,
login and traceroute).  If you use this as a default policy, many root
vulnerabilities will no longer apply to you.

    This is my list (updated since the one I posted to
freebsd-security a couple days ago):

cd /sbin ; chmod 500 mount_* *dump *restore route shutdown
cd /usr/bin ; chmod 500 *-local at* batch crontab cu key* logger lp* quota rdist su uu[^de]* wall
cd /usr/bin ; chmod 555 man
cd /usr/sbin ; chmod 500 lp* mrinfo mtrace ppp* sliplogin timedc
cd /usr/libexec ; chmod 500 mail.local

    It's also a good idea to scan for world-writeable directories and
chmod 555 them, or remove them altogether (like /var/spool/uucp* if
you're not running UUCP).
--
Brian Tao (BT300, taob () io org, taob () ican net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
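As an added example (not part of the original post), a POSIX sh audit in the spirit of the list above: it inventories setuid/setgid files under a root against an allowlist of the few binaries that should keep the bit, and lists world-writable directories that lack the sticky bit. The sample tree and allowlist it builds under `--demo` are constructed for illustration only.

```shell
#!/bin/sh
# Added example: setuid/setgid and world-writable audit (not from the post).

# Print setuid/setgid regular files under $1 that are not listed in the
# allowlist file $2 (one path per line, relative to $1), sorted.
audit_setuid() {
    root=$1; allow=$2
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) | while IFS= read -r f; do
        rel=${f#"$root"}
        grep -qxF -- "$rel" "$allow" || printf '%s\n' "$rel"
    done | sort
}

# Print directories under $1 that are world-writable but have no sticky
# bit, i.e. anyone can create and delete anyone else's files there.
audit_world_writable() {
    root=$1
    find "$root" -type d -perm -0002 ! -perm -1000 | while IFS= read -r d; do
        printf '%s\n' "${d#"$root"}"
    done | sort
}

# Constructed sample tree (not a real system) so the audit runs stand-alone.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/var/spool/uucp" "$d/tmp"
    chmod 755 "$d/usr" "$d/usr/bin" "$d/var" "$d/var/spool"
    : > "$d/usr/bin/su";    chmod 4555 "$d/usr/bin/su"     # allowed setuid
    : > "$d/usr/bin/rdist"; chmod 4555 "$d/usr/bin/rdist"  # unexpected setuid
    : > "$d/usr/bin/cat";   chmod 555  "$d/usr/bin/cat"    # ordinary binary
    chmod 777  "$d/var/spool/uucp"   # world-writable, no sticky bit: reported
    chmod 1777 "$d/tmp"              # sticky bit set: not reported
    printf '/usr/bin/su\n' > "$d/allow.txt"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    fx=$(make_fixture)
    echo "setuid/setgid not on allowlist:"; audit_setuid "$fx" "$fx/allow.txt"
    echo "world-writable dirs without sticky bit:"; audit_world_writable "$fx"
    rm -rf "$fx"
fi
```

Against a live system, point the two functions at `/` and a hand-maintained allowlist; anything they print is a candidate for the chmod treatment described in the post.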


