> > I have a problem with my system administrator.
> > We have the wrapper like this:
> > -rwsrwxr-x root Majordom wrapper*
> >
> > and the administrator doesn't want this because, he says, it's not secure for the
> > system. Is it true?
> > Can a hacker copy a shell to the majordomo directory and execute it as root?
My understanding is that the default SCO behavior is that any file being
written will automatically lose the "set-uid" bit from the permissions.
If this is not the case on your system, it can certainly be configured in
the kernel parameter configuration program (look in "sysadmsh" if you
don't know where to look). Test it by making a program, setting it to
chmod 4755, and cp'ing another file on top of it. Then do "ls -l" to see
what the permissions on the file are.
> > I don't know how to answer him, because I'm not a Unix guru.
> > Is there any response for him? Are there any more secure
> > permissions? (POSIX)
> > Any help will be appreciated.
> > Thanks in advance and sorry for my English.
> >
> > P.S. The system: SCO Unix 3.2, Sendmail V5, Perl 5.001 patch i,
> > Majordomo-1.93
There is also no reason you can't set it to:
> > -r-sr-xr-x root Majordom wrapper*
There is no reason to have this program writable by anybody. If you need
to recompile it and replace it, make it writable then.
So if it's difficult to convince your administrator that the program is
safe anyway (he should already know the answers to this problem), you can
just chmod the file to 4555.
Gunther Anderson
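
The overwrite test and the 4555 suggestion from the message above, written out as an added shell example (not part of the original e-mail). The function names and the temporary files are constructed for illustration; run it as an ordinary user, since on many systems writes by root do not clear the bit.

```shell
#!/bin/sh
# Added example: works only on constructed files in a temporary directory.

# Succeeds only when the file is set-uid AND not writable by group or others
# (for example mode 4555, as suggested in the message).
wrapper_mode_ok() {
    f=$1
    [ -u "$f" ] || return 1
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Repeats the test from the message: chmod 4755, cp another file on top,
# then look at the set-uid bit. Prints "cleared" or "kept".
overwrite_test() {
    dir=$(mktemp -d) || return 2
    printf 'original\n' > "$dir/prog"
    printf 'replacement\n' > "$dir/other"
    chmod 4755 "$dir/prog"
    cp "$dir/other" "$dir/prog"
    if [ -u "$dir/prog" ]; then result=kept; else result=cleared; fi
    rm -rf "$dir"
    echo "$result"
}

echo "set-uid bit after overwrite: $(overwrite_test)"
```

If the result is "kept", the write bits on the wrapper matter more, and `wrapper_mode_ok` on the installed wrapper shows whether group or others can still write to it.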