[clue-tech] File permission anomalies under FC3
Kevin Fenzi
kevin at scrye.com
Tue Jun 14 09:15:09 MDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Greg" == Greg Knaddison <greg.knaddison at gmail.com> writes:
...snip...
>> SUID bits set -r-xr-s--x 1 root 20 70408 Oct 19 2004
>> /usr/bin/mahjongg -rwxr-sr-x 1 root nobody 64920 Mar 15 12:11
>> /usr/bin/ssh-agent -r-xr-s--x 1 root 20 41264 Oct 19 2004
>> /usr/bin/glines
>>
Greg> I don't know about SUID.
Note that those are NOT SUID... they are SGID. ie, they run as
whatever user runs them, but with the group that is set on the file.
The games are likely sgid to the 'games' group, allowing them to write
to the group 'games' writable scores files.
>> Are files like these in fact security holes? If so, what would be
>> the best way of eliminating them?
Greg> You could probably remove most of them (e.g. the games) and
Greg> chmod the others if you feel there is a security problem.
You could just remove the games packages if you like.
You can use 'rpm -qf /path/to/file' to see what package owns a file
and then 'rpm -e packagename' to remove it.
I doubt very much there is any permissions security issues though.
Things are given just as much privs as they need to work, and lots of
folks look over this stuff. :)
kevin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD8DBQFCrvSA3imCezTjY0ERAoqLAJ49M5NDwc7DMOnNjd1lM62pP/NI9wCfa0YI
TmtSXJ3Vi0uqrwcnclG4SqU=
=bHjK
-----END PGP SIGNATURE-----
More information about the clue-tech
mailing list