[debian-knoppix] adduser command sets files suid root

To: debian-knoppix@linuxtag.org
Subject: [debian-knoppix] adduser command sets files suid root
From: Robert Storey <y2kbug@ms25.hinet.net>
Date: Sun, 14 Mar 2004 19:09:57 +0100
Message-id: <[🔎] 20040314190957.6a6753b3.y2kbug@ms25.hinet.net>

I made a bizarre discovery today. It's not just a Knoppix problem, but
Knoppix is affected.

I've noticed that if I create new users with the "adduser" command, all
the files in the new user's directory (which are copied from /etc/skel)
are set suid root. This is true even though the files in /etc/skel are
not suid root. All files in the new user's directory are affected, even
hidden files.

The problem can be worked around if you login as that particular user,
and issue the following two commands:

  chmod -s -R *
  chmod -s -R .[a-zA-Z]*

I thought this was a Knoppix problem, but then I checked my Slackware
partition and found that it was the same. I'm just wondering what this
is happening? Seems to me that suid root would be a security hazard. OK,
I realize that none of these files are executable binaries, but it still
seems like a bad practice.

The default user "knoppix" does not have this particular problem. Very
strange indeed.

regards,
Robert
_______________________________________________
debian-knoppix mailing list
debian-knoppix@linuxtag.org
http://mailman.linuxtag.org/mailman/listinfo/debian-knoppix

Reply to:

Prev by Date: [debian-knoppix] Knoppix Hdd Install
Next by Date: Re: [debian-knoppix] Console boot login message
Previous by thread: [debian-knoppix] Re:Knoppix Hdd install
Next by thread: [debian-knoppix] Console boot login message
Index(es):
- Date
- Thread