HPE Community
Operating System - HP-UX
1833052 Members
2564 Online
110049 Solutions
New Discussion

Setuid permission

 
SOLVED
Go to solution
Krishnan Viswanathan
Frequent Advisor

‎01-29-2002 03:04 PM

‎01-29-2002 03:04 PM

Setuid permission

Some applications files (binaries and scripts) on my system have setuid bit for owner and group. These belong to freight management and other apps.
(i.e these files are not owned by root).

Will this still mean a security threat if these are not owned by root but have setuid bit set?

thanks
0 Kudos
Reply
2 REPLIES 2
Rodney Hills
Honored Contributor

‎01-29-2002 03:09 PM

‎01-29-2002 03:09 PM

Solution

Re: Setuid permission

Generally no, but their could be indirect threats.

If for instance the application has a night process that is launched by root's cron and someone got write access to the text file that has the process that cron launches, then they could in effect become root and open up more holes in your system.

-- Rod Hills
There be dragons...
Reply
A. Clay Stephenson
Acclaimed Contributor

‎01-29-2002 03:10 PM

‎01-29-2002 03:10 PM

Re: Setuid permission

Hi:

They could still be a security threat if these users/groups have access to restricted directories trees but this could also be a perfectly legitimate use of setuid/setgid; there is just no enough data posted to make that call. You will need to dig deeper. One method is to remove those permission bits and see if users complain; the bad news is that you could kill critical processes.

Regards, Clay
If it ain't broke, I can fix that.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.