[SOLVED] Minimise SetUID/SetGID programs

Noble · 2010-08-21 14:13:17

Running "find / -perm +6000 -ls" which I got from here http://www.auscert.org.au/5816#D I found the following:

131076   32 -rwsr-sr-x   1 root     root        29986 Dec 31  2009 /sbin/unix_chkpwd
1574947   12 -rwsr-xr-x   1 root     root         9508 Aug 11 02:50 /usr/lib/pt_chown
1837411   40 -rwsr-x---   1 root     dbus        38608 Mar 24 12:35 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
2104295  184 -rws--x--x   1 root     root       187548 May 24 08:13 /usr/lib/ssh/ssh-keysign
1583981   80 -rwxr-sr-x   1 root     mail        78208 Apr  4  2009 /usr/bin/mail
1579267   20 -rwsr-xr-x   1 root     root        19720 May 28 03:22 /usr/bin/passwd
1593248   32 -rwxr-sr-x   1 root     locate      30488 Mar 27 01:24 /usr/bin/locate
1595243 1680 -rwsr-xr-x   1 root     root      1717140 Jun 21 13:55 /usr/bin/Xorg
1595966    8 -rwsr-xr-x   1 root     root         8024 May 27 17:09 /usr/bin/otp
1580159   12 -rwsr-x---   1 root     users        9964 Feb 24 04:19 /usr/bin/crontab
1579265   20 -rwsr-xr-x   1 root     root        17468 May 28 03:22 /usr/bin/newgrp
1579268   36 -rwsr-xr-x   1 root     root        36200 May 28 03:22 /usr/bin/chage
1580239    8 -rwxr-sr-x   1 root     tty          8060 Aug  2 16:27 /usr/bin/write
1601430    8 -rwsr-xr-x   1 root     root         6632 May  4 17:58 /usr/bin/slock
1579270   16 -rwsr-xr-x   1 root     root        15292 May 28 03:22 /usr/bin/chsh
1579264   12 -rwsr-xr-x   1 root     root        12020 May 28 03:22 /usr/bin/expiry
1579269   28 -rwsr-xr-x   1 root     root        27124 May 28 03:22 /usr/bin/gpasswd
1595962   12 -rwsr-xr-x   1 root     root        11860 May 27 17:09 /usr/bin/ksu
1579261   20 -rwsr-xr-x   1 root     root        17404 May 28 03:22 /usr/bin/chfn
2621517   12 -rwsr-xr-x   1 root     root        11608 Feb 23 19:40 /bin/traceroute6
2621516   28 -rwsr-xr-x   1 root     root        26812 Feb 23 19:40 /bin/ping6
2621490   40 -rwsr-xr-x   1 root     root        39084 Aug  2 16:27 /bin/umount
2621515   32 -rwsr-xr-x   1 root     root        30824 Feb 23 19:40 /bin/ping
2621463   24 -r-sr-xr-x   1 root     root        22932 Jun 13 13:40 /bin/su
2621492   60 -rwsr-xr-x   1 root     root        60140 Aug  2 16:27 /bin/mount
2621518   20 -r-sr-xr-x   1 root     root        18220 Feb 23 19:40 /bin/traceroute

Now, what does this mean, and what should I do?

Last edited by Noble (2010-08-21 14:40:03)

karol · 2010-08-21 14:18:16

This means that the programs are potentially dangerous, in the same way you can hurt yourself with a knife or when carelessly driving a car. You can get rid of all sharp and pointy things in your environment but that would make many things much harder or even impossible to accomplish.

This is a standard setup, you don't have to do anything.

Noble · 2010-08-21 14:36:01

So if I am the only user with granted access to the system this should be nothing to worry about?

karol · 2010-08-21 14:38:16

Noble wrote:

So if I am the only user with granted access to the system this should be nothing to worry about?

Exactly. Server / multiuser environments have stronger needs for security, but those are regular apps used for system administration: create a new user, change his password, change his shell, locate a file etc.

Arch Linux

#1 2010-08-21 14:13:17

[SOLVED] Minimise SetUID/SetGID programs

#2 2010-08-21 14:18:16

Re: [SOLVED] Minimise SetUID/SetGID programs

#3 2010-08-21 14:36:01

Re: [SOLVED] Minimise SetUID/SetGID programs

#4 2010-08-21 14:38:16

Re: [SOLVED] Minimise SetUID/SetGID programs

Board footer