Full Disclosure mailing list archives

Re: Partial Solution to SUID Problems


From: psz () maths usyd edu au (Paul Szabo)
Date: Sat, 6 Dec 2003 21:42:48 +1100 (EST)

Todd Burroughs <todd () hostopia com> wrote:

> If, by "messing up with them", you mean "turning off the suid bit", that
> cannot decrease security.  If they think otherwise, they do not know
> what they talk about.  Any program that is suid or sgid can either do
> nothing for or decrease your security.  I cannot think of any possible
> way that keeping suid/sgid could increase your security.  There are some
> exceptions if you want to give people partial root access, like 'sudo'.

Sorry, but I have a counter-example (and admit that I was bitten by it):
pt_chown (or chgpt or slvmod or whatever). Some OSs use something like
that to chown or chmod the pty they just allocated. Turning the suid bit
off prevents your pty from being owned by you so you cannot set safe
permissions, and are vulnerable to "echo badcommand > yourpty".

Cheers,

Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia
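
An added example, not part of the original post: a small C check for the condition the message above describes, namely whether the terminal you are sitting on is owned by you and closed to other users. The function names and flag values are this example's own; group write is not flagged because many systems deliberately leave ttys writable by a dedicated tty group.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Findings are bit flags so one tty can report several problems. */
enum { TTY_OK = 0, TTY_NOT_OWNED = 1, TTY_WORLD_WRITABLE = 2,
       TTY_WORLD_READABLE = 4 };

/* Pure check: given the tty's owner and mode, and the uid of the user
 * sitting on it, report what a pty helper should have fixed at login. */
int tty_findings(uid_t owner, mode_t mode, uid_t me)
{
    int f = TTY_OK;
    if (owner != me)    f |= TTY_NOT_OWNED;      /* we cannot chmod it ourselves */
    if (mode & S_IWOTH) f |= TTY_WORLD_WRITABLE; /* any user can write to it */
    if (mode & S_IROTH) f |= TTY_WORLD_READABLE; /* any user can read from it */
    return f;
}

/* Check the terminal attached to fd; returns -1 if fd is not a tty. */
int check_tty_fd(int fd)
{
    struct stat st;
    if (!isatty(fd) || fstat(fd, &st) != 0)
        return -1;
    return tty_findings(st.st_uid, st.st_mode, getuid());
}

int main(void)
{
    int f = check_tty_fd(STDIN_FILENO);
    if (f < 0) { puts("stdin is not a terminal"); return 2; }
    if (f & TTY_NOT_OWNED)      puts("tty is not owned by you");
    if (f & TTY_WORLD_WRITABLE) puts("tty is writable by other users");
    if (f & TTY_WORLD_READABLE) puts("tty is readable by other users");
    puts(f ? "tty permissions need attention"
           : "tty ownership and mode look safe");
    return f ? 1 : 0;
}
```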
