[ubuntu-hardened] Removing suid root from binaries where it isn't needed

Kees Cook kees at ubuntu.com
Wed Oct 31 15:34:33 GMT 2007

On Wed, Oct 31, 2007 at 07:57:40AM -0700, Jeff Schroeder wrote:
> On 10/31/07, Kees Cook <kees at ubuntu.com> wrote:
> > Can someone make a matrix of setuid applications that need this
> > investigation?  Maybe at
> > https://wiki.ubuntu.com/Security/Investigation/Setuid
> >
> > With that we can build our checklist and see what needs either derooting
> > or fscap work.
> A basic outline has been created on that wikipage. If the table is too
> simple, edit it but from your email, that looks good. Once I'm in the
> office it will expand quite a bit.

Perfect, good start.  One note about the derooting checks: we need to
examine how the application behaves after it starts.  For example, ping
is derooted already (it drops privs after getting the SOCK_RAW

main(int argc, char **argv)
        icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
        socket_errno = errno;

        uid = getuid();
        if (setuid(uid)) {
                perror("ping: setuid");

$ ps auwwx | grep ping
kees       671  0.0  0.0   1848   528 pts/2    S    11:26   0:00 ping

Since there is work needed to investigate each source package, this is
why keeping a list of the investigation work in the wiki will be



Kees Cook
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20071031/85e0957d/attachment.pgp 

More information about the ubuntu-hardened mailing list