[ubuntu-hardened] Removing suid root from binaries where it isn't needed
Kees Cook
kees at ubuntu.com
Wed Oct 31 15:34:33 GMT 2007
On Wed, Oct 31, 2007 at 07:57:40AM -0700, Jeff Schroeder wrote:
> On 10/31/07, Kees Cook <kees at ubuntu.com> wrote:
> > Can someone make a matrix of setuid applications that need this
> > investigation? Maybe at
> > https://wiki.ubuntu.com/Security/Investigation/Setuid
> >
> > With that we can build our checklist and see what needs either derooting
> > or fscap work.
> A basic outline has been created on that wikipage. If the table is too
> simple, edit it but from your email, that looks good. Once I'm in the
> office it will expand quite a bit.
Perfect, good start. One note about the derooting checks: we need to
examine how the application behaves after it starts. For example, ping
is derooted already (it drops privs after getting the SOCK_RAW
connection):

    int
    main(int argc, char **argv)
    {
    ...
        icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
        socket_errno = errno;

        uid = getuid();
        if (setuid(uid)) {
            perror("ping: setuid");
            exit(-1);
    ...

    $ ps auwwx | grep ping
    kees 671 0.0 0.0 1848 528 pts/2 S 11:26 0:00 ping 10.2.3.1
    ^^^^

Since there is work needed to investigate each source package, this is
why keeping a list of the investigation work in the wiki will be
helpful.
Thanks,
-Kees
--
Kees Cook
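
An added example, not part of the original message and not Ubuntu or iputils code: one way to record the "how does it behave after it starts" check for a running process on Linux. It reads the Uid: line of /proc/<pid>/status, which lists the real, effective, saved and filesystem UIDs, whereas the ps USER column above shows only the effective user. The names classify_status and enum deroot are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of inspecting the "Uid:" line of /proc/<pid>/status. */
enum deroot { DEROOT_FULL, DEROOT_PARTIAL, DEROOT_NONE, DEROOT_PARSE_ERROR };

/* The Uid: line holds four fields: real, effective, saved, filesystem. */
enum deroot classify_status(const char *status)
{
    unsigned r, e, s, f;
    const char *p = status;

    /* Walk line by line until one starts with "Uid:". */
    while (p && strncmp(p, "Uid:", 4) != 0) {
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    if (!p || sscanf(p + 4, "%u %u %u %u", &r, &e, &s, &f) != 4)
        return DEROOT_PARSE_ERROR;
    if (e == 0)
        return DEROOT_NONE;      /* still running with effective UID 0 */
    if (r == 0 || s == 0 || f == 0)
        return DEROOT_PARTIAL;   /* UID 0 kept in real, saved or fs UID */
    return DEROOT_FULL;          /* no UID field is 0 */
}

int main(int argc, char **argv)
{
    static const char *names[] = { "fully derooted", "partially derooted",
                                   "still root", "parse error" };
    char path[64], buf[4096];
    FILE *fp;
    size_t n;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <pid>\n", argv[0]);
        return 2;
    }
    snprintf(path, sizeof path, "/proc/%s/status", argv[1]);
    if (!(fp = fopen(path, "r"))) {
        perror(path);
        return 2;
    }
    n = fread(buf, 1, sizeof buf - 1, fp);
    buf[n] = '\0';
    fclose(fp);
    enum deroot d = classify_status(buf);
    printf("%s: %s\n", argv[1], names[d]);
    return d == DEROOT_FULL ? 0 : 1;
}
```

A "partially derooted" result is the case worth a note in the wiki table: the effective user looks unprivileged in ps, but UID 0 is still held in another field.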