
Re: Set UID Programs

 
Keith Meloy_1
Occasional Advisor

Set UID Programs

I have been asked by auditors to prove that none of my users can write to files containing programs owned by root and run in set uid mode. Does anyone know an easy way to check this?
Cheers

Keith
5 REPLIES
Pete Randall
Outstanding Contributor

Re: Set UID Programs

Send the auditors to Unix Fundamentals 101?

;^)

Pete

John Palmer
Honored Contributor

Re: Set UID Programs

find / -perm -4000 -type f -user root -exec ls -l {} \;

will give you a list of all root setuid programs. You can then check the permissions to see if any have write permissions that they shouldn't have.

Regards,
John
James R. Ferguson
Acclaimed Contributor

Re: Set UID Programs

Hi Keith:

# find / -type f -user 0 -perm -u+s -a \( -perm -u+w -o -perm -g+w -o -perm -o+w \) -exec ls -l {} \;

...will find all files (-type f) where the owner is root (-user 0) with the setuid bit on AND (-a) with write permissions on either the owner OR (-o) the group OR the world. For any files found, an 'ls' listing will be output.

See the 'find' and 'chmod' man pages for more information.

Regards!

...JRF...
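
An added example, not part of any post in this thread: a POSIX shell function built on the kind of find check shown above, returning a pass/fail status and a count that can be handed to an auditor. The function name, the exit-code convention and the optional OWNER argument are assumptions of this example; it tests group and other write only, using octal modes.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# audit_suid_writable DIR [OWNER]
#   DIR   - tree to scan (use / for a full audit)
#   OWNER - uid or user name owning the files to check; default 0 (root)
# stdout: one path per line for each regular set-uid file owned by OWNER
#         that is writable by group or other.
# stderr: a one-line summary of how many set-uid files were examined.
# status: 0 = no findings, 1 = findings, 2 = usage error.
audit_suid_writable() {
    dir=$1
    owner=${2:-0}
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "usage: audit_suid_writable DIR [OWNER]" >&2
        return 2
    fi

    # Every set-uid regular file owned by OWNER (the population audited).
    total=$(find "$dir" -type f -user "$owner" -perm -4000 -print \
        2>/dev/null | wc -l | tr -d ' ')

    # Of those, the ones with group write (0020) or other write (0002).
    findings=$(find "$dir" -type f -user "$owner" -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)

    if [ -n "$findings" ]; then
        bad=$(printf '%s\n' "$findings" | wc -l | tr -d ' ')
        printf '%s\n' "$findings"
        echo "checked $total set-uid files, $bad group/other-writable" >&2
        return 1
    fi
    echo "checked $total set-uid files, 0 group/other-writable" >&2
    return 0
}

# Typical use, run as root so every directory can be read:
#   audit_suid_writable / 0 > suid_writable.txt
```
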
Rajesh G. Ghone
Regular Advisor

Re: Set UID Programs

Hi Keith,

You can run umask and check the umask permissions; if it is 777, then it has write permissions for others as well. If you want to change the umask settings, you can either edit the /sbin/init.d/inetd file and change the umask to 022, or put umask 022 in the /etc/profile file, so that whatever files you create from now on will have 722 permissions and others and group won't have write permissions.
As far as uid is concerned, I think you can check /etc/passwd for user IDs. I hope this solves your problem.

Regards,
Rajesh G.
Rajesh Ghone
doug hosking
Esteemed Contributor

Re: Set UID Programs

I think the problem is likely simpler than is being discussed. Writing to a setuid file by a user other than root clears the setuid bit as a side effect of the write, which removes this threat. Example:

# touch foo
# chmod 4777 foo
# ll foo
-rwsrwxrwx 1 root sys 0 Jan 24 14:00 foo
# echo foobar >> foo
# ll foo
-rwsrwxrwx 1 root sys 7 Jan 24 14:00 foo
# su bin
$ echo foobar >> foo
$ ll foo
-rwxrwxrwx 1 root sys 14 Jan 24 14:01 foo
$

Note that the setuid bit is now cleared even though nobody did a chmod of the file after the su.