OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: suid files
From: Skreel (webmasterSKREEL.COM)
Date: Fri Sep 15 2000 - 15:06:23 CDT

>Hi,
>

HI

>I've just learned that files with permission 4000 can be used to
>gain root privileges. How is it possible?

Suid files allows a user to give another user it's uid to perform
administrative
tasks. For example, an admin could create a suid file so some other admin
gets he's uid and work on a file he doesn't own. If root gives the suid bit
to a
file then if someone gets to execute the file, it'll be executed with root
privileges.
a suid /bin/sh would allow a user to get a rootshell if the suid bit was set
by root.

>And there was also written
>that the less such files on system the better for its security.

Yes, suid files can be useful but if someone can sortof exploit them and
break out
of the execution of such file or even use the execution in a way it wasn't
designed for
then it could lead to a breach.

>But how am I to know if for example /usr/bin/crontab file must be
>suid or not? Are there any files that have to be suids? And if yes,
>does it mean that every system has security hole? BTW after reading
>the article I run "find / -perm +4000" on my RedHat 6.2 and found 42
>such files. Should be less of them or it is ok?

it depends on how you administrate your system, and yes redhat has a lot
of suid files, i don't know what they are, and nor do i know what are the
ones
that are supposed tio be suid cause they vary from a system to another
depending
on the installation you did.

>Thank you for your advices,
>
>QBA
>