Al O'Connor's [oconnoat at tcd.ie] 41 lines of dribble included:
:>:>Hi,
:> I was reading that some programs setuid themselves to root to do things (I
:>think mount -all can be made to do it?). What are the restrictions of this?
:>How are malicious (or stupid) programs prevented from root-ing themselves
:>and causing Bad Things to happen?
I think you're talkig about setuid binaries here.
find / -name 4755 should get you the list of setuid binaries on your system.
Of course there's also plenty of setgid binaries. Basically these can be some
of the most insecure parts of your system. If you're subscribed to bugtraq
you'll see a lot of the major exploits are for binaries which contain buffer
overflows, which, when exploited properly, can let users execute arbitrary
code (for example they can spawn a shell). When the binary is setuid root this
shell would be a "root shell" and hence these can be dangerous.
The best thing is to keep subscribed to bugtraq, make sure you have all the
latest patches and vendor updates.
Aleph1 has a text called "Smashing the Stack for fun and Profit" which
explains in a bit more detail how buffer overflows are achieved [1]. You'll
want some knowledge of C and assembly to understand it fully methinks.
http://www.geek-girl.com/bugtraq/1996_4/0196.html
Basically the best way to make sure setuid binaries aren't suddenly installed
on your machine as a "backdoor" is to keep md5checksums of your filesystems
and check them regularly.
Phil.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
