topic Re: fuser in Operating System - HP-UX

fuser

Account Not Used — Mon, 22 Oct 2001 15:31:56 GMT

Can someone tell me what kind of security issues there are with the command "fuser". Currently we only allow our Sys. Admins. to have fuser privilages. Our Oracle DBA group has requested to have it. In the C2 checklist I believe it is recommended to disable the use of this command.

Re: fuser

Santosh Nair_1 — Mon, 22 Oct 2001 15:37:29 GMT

One thing to keep in mind is that a normal user can copy the fuser executable and just run it as a normal user...so if you're really concerned about security, then you should probably remove the read permissions for other on the /usr/sbin/fuser command.

In response to your original question, fuser allows a user to see the executables that are currently using a give file/filesystem. Not really sure what kind of security implications this might have.

-Santosh

Re: fuser

Sridhar Bhaskarla — Mon, 22 Oct 2001 15:44:25 GMT

Security implication of giving access to fuser is that it enables killing of processes with no pattern. For ex., if the DBA is given access to use fuser, he/she can kill not only the database processes but also the other processes using the file/file system instead of selective killing which is not a good way of fixing the problem.

-Sri

Re: fuser

Bernie Vande Griend — Mon, 22 Oct 2001 15:53:07 GMT

Yes, you should be very careful of who has access to fuser, since it not only can tell you what processes a device/filesystem etc has open, but the -k option allows them to kill those processes as well. It shouldn't be given to anyone that doesn't already have access to kill other users processes. And also should only be given to those that know how to use if correctly.
I would suggest looking into lsof instead for your DBAs to use. There may be security implications there as well, but nothing obvious that I can think of.

Re: fuser

A. Clay Stephenson — Mon, 22 Oct 2001 15:55:13 GMT

The most serious problem is the fuser -k. While this is not a setuid root program and thus your DBA's could not kill processes that they do not own there is still a BIG problem using fuser -k - it sends a SIGKILL (kill -9) - a very BAD way to kill any process.

If I were going to allow non-root users to execute fuser, I would create a wrapper which prevents executing with -k. The other answer is to load lsof; if you like you could download the source and make the command do as little as you want.

Regards, Clay

Re: fuser

harry d brown jr — Mon, 22 Oct 2001 16:05:10 GMT

My 2 cents:

Being a security nut, I disagree with the statement that fuser access should be restricted. One should never base their security on the lack of knowledge. I personally prefer lsof over fuser, as lsof gives useful information. Keeping information out of the hands of outsiders is one thing, restricting the productivity of admins, whether they be dba's or sa's or application administrators, is pure madness.

Look at this document to secure your server:

http://people.hp.se/stevesk/bastion11.html

and this to obtain lsof:

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/lsof-4.55/

I've had and won many arguments that if outsiders were to obtain our ip addresses then they could attack us. Well that is a crock of doo. First we protect our selves by using firewalls, routers, and bastian servers. What does having knowledge about ip's have to do with anything? Exactly, nothing!

In general, it's usually the people that know nothing about security in general, security in unix, or application security that are placed in charge of security. Why? I have no idea! Ask your admin to ease up.

harry

live free or die