Re: traceroute vs. traceroute6
On Fri, Jul 28, 2000 at 07:36:46PM +1000, Herbert Xu wrote:
> > so the question is why is it installed as suid?
>
> What's that got to do with anything?
It's got to do with the fact that you allow the users to run it. And once
you do that, it's no longer an admin-only command. To quote the FHS:
# 4.7 /usr/sbin : Non-essential standard system binaries
#
# This directory contains any non-essential binaries used exclusively by
# the system administrator.
Notice the _exclusively_.
> There are other setuid binaries in sbin and /usr/sbin as well.
% find /sbin /usr/sbin -perm 4755
/sbin/unix_chkpwd [1]
/usr/sbin/traceroute
OTOH:
% find /bin /usr/bin -perm 4755
/bin/login
/bin/mount
/bin/umount
/bin/ping
/bin/su
/bin/ping6
/usr/bin
/usr/bin/newgrp
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/lpq
/usr/bin/crontab
/usr/bin/gpg
/usr/bin/traceroute6
/usr/bin/lprm
/usr/bin/restorefont
/usr/bin/dumpreg
/usr/bin/restorepalette
/usr/bin/netselect
/usr/bin/restoretextmode
/usr/bin/lpr
/usr/bin/synaesthesia
/usr/bin/splaymidi
/usr/bin/at
/usr/bin/mtr
/usr/bin/vfte
/usr/bin/fping
/usr/bin/sudo
/usr/bin/deliver
Even though this was done only on a limited set of packages, those installed
on my system, it is obvious which program doesn't follow suit.
[1] from unix_chkpwd(8) manual page:
SYNOPSIS
<not invoked manually>
USAGE
This program is not intended to be called directly by
users and will log to syslog if it is called imporperly
(i.e., by some one trying exploit it).
--
Digital Electronic Being Intended for Assassination and Nullification
Reply to: