Great Circle Associates Majordomo-Users
(July 1995)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Security question (fwd)
From: Gunther Anderson <gunther @ ssi . edc . org>
Date: Sun, 30 Jul 1995 20:59:20 -0400 (EDT)
To: Alejandro Daniel Verri <averri @ delec . fi . uba . ar>
Cc: majordomo-users @ greatcircle . com
In-reply-to: <9507301017.AA08183@delec.fi.uba.ar>

> > I have a problem with my system administrator.
> > We have the wrapper like this:
> > -rwsrwxr-x root Majordom    wrapper*
> > 
> > and The administrator don't want this, because, say, it's not secure for the
> > system. It's true?
> > Can a hacker, copy a shell to the majordomo directory an execute like root?

My understanding is that the default SCO behavior is that any file being 
written will automatically lose the "set-uid" bit from the permissions.  
If this is not the case on your system, it can be certainly configured in 
the kernel parameter configuration program (look in "sysadmsh" if you 
don't know where to look).  Test it by making a program, setting it to 
chmod 4755, and cp'ing another file on top of it.  Then do "ls -l" to see 
what the permissions on the file are.

> > I don't know how answer him, because, i'm not a unix guru.
> > Is there any response for him? Is there any permissions more
> > secure? (POSSIX) > 
> > any help will be appreciated
> > Thanks in advance and sorry for my english
> > 
> > P.D. The system : SCO Unix 3.2, Sendmail V5. Perl 5.001 patch i,
> >Majordomo-1.93

There is also no reason you can't set it to:

> > -r-sr-xr-x root Majordom    wrapper*

There is no reason to have this program writable by anybody.  If you need 
to recompile it and replace it, make it writable then.

So if it's difficult to convinve your administrator that the program is 
safe anyway (he should already know the answers to this problem), you can 
just chmod the file to 4555.

Gunther Anderson


References:
Indexed By Date Previous: documentation needed
From: jeff dunn <jdunn@cloud9.net>
Next: No Archives!
From: majordomo <majordom@lumen>
Indexed By Thread Previous: Security question (fwd)
From: Alejandro Daniel Verri <averri@delec.fi.uba.ar>
Next: documentation needed
From: jeff dunn <jdunn@cloud9.net>

Google
 
Search Internet Search www.greatcircle.com