Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Todd Burroughs <todd () hostopia com>
Date: Sat, 6 Dec 2003 02:53:58 -0500 (EST)
On Fri, 5 Dec 2003, Ciro wrote:
On Thu, 4 Dec 2003, Gino Thomas wrote:I asked some ppl the same question, answers vary. On one hand some ppl trust the suids and claim that messing up with them will open new problems and that there are also many other ways to get root (kernel, libc, daemons,...) on the other hand ppl agreed with me that if i don't
If, by "messing up with them", you mean "turning off the suid bit", that cannot decrease security. If they think otherwise, they do not know what they talk about. Any program that is suid or sgid can either do nothing for or decrease your security. I cannot think of any possible way that keeping suid/sgid could increase your security. There are some exceptions if you want to give people partial root access, like 'sudo'. I'm open to suggestions otherwise, but doubt anyone would disagree.
The thing that screams "bad idea" or at least "inconvienient pain in the neck" to me is that, on the off chance that a wide-spread exploit is found and you have to "make world" or whatever, it puts them right back and you have to do it again.
I was going to mention this, it is a "bit" of a pain when you replace something and it gets put back "where it belongs". I've broken 'su' on our systems before when it got updated. One of our programmers was pissed because she thought I cut her off root ;-) Another problem that you *must* be aware of is that if you do something like an 'rpm' update ('make world' would likely do the same), it may update things where they are supposed to be and they won't be suid, but you still have your vulnerable suid program that is actually suid on the "suid partition". It'll generally break things and you'll notice though. If the distros did this, you wouldn't have to worry about it. I find that the convenience of being able to look at the actual suid programs by doing "mount; ls -l /suid_stuff" outweighs this. It's annoying at update time though... For the most part, you shouldn't need all those suid programs anyway. Most boxes I administer have 'su' and 'sendmail' (sgid). On a workstation, I usually don't bother with this, but on a server I think it helps. It *is* a pain when I update the programs I want s[ug]id, as I have to manually fix this. It's nice that the ones that might get installed by updates or other admins doing things will not actually be s[ug]id, unless they put them on the "suid partition". This does not protect you against being rooted, but I find that it does make it easier to monitor and control. Many of the libc and other exploits require that you run a suid program, this makes it easier to control which ones actually work. When you have a lot of servers and admins of various skill and security knowlege (if you know anything about security, you know how hard it is for people to understand even simple security), I've found this very helpful in controlling what programs are actually s[ug]id on my servers. The latest Linux kernel thing is nasty, I've spent the week making kernels, rebooting and finding/fixing minor problems unrelated to security... Security against this: don't give shell access, if you host websites, CGI, PHP, etc. etc., keep suids away from people and fix things fast. Our web servers get patched real quick ;-) Todd Burroughs --- The Internet has given us unprecedented opportunity to communicate and share on a global scale without borders; fight to keep it that way. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Partial Solution to SUID Problems Todd Burroughs (Dec 04)
- Re: Partial Solution to SUID Problems Gino Thomas (Dec 04)
- new dos attack? Geo. (Dec 04)
- Re: new dos attack? Jonathan A. Zdziarski (Dec 04)
- Re: Partial Solution to SUID Problems Ciro (Dec 05)
- Re: Partial Solution to SUID Problems Vladimir Parkhaev (Dec 05)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Henning Brauer (Dec 06)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 06)
- Re: Partial Solution to SUID Problems Valdis . Kletnieks (Dec 06)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 07)
- Re: Partial Solution to SUID Problems Karl DeBisschop (Dec 07)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 07)
- Re: Partial Solution to SUID Problems Valdis . Kletnieks (Dec 06)
- new dos attack? Geo. (Dec 04)
- Re: Partial Solution to SUID Problems Gino Thomas (Dec 04)
- Re: Partial Solution to SUID Problems Markus Friedl (Dec 07)
- Re: Partial Solution to SUID Problems Brian Hatch (Dec 07)