- Newsgroups: comp.unix.sysv386
- Path: sparky!uunet!scorn!demesne!steph
- From: steph@demesne.uucp (Steph Marr)
- Subject: Re: setuid problem on SCOUnix v 3.2.2
- Organization: Demesne Computing
- Distribution: ca
- Date: Sat, 22 Aug 1992 21:49:55 GMT
- Message-ID: <1992Aug22.214955.5628@demesne.uucp>
- References: <1992Aug11.171250.6254@informix.com> <Bt3Mqn.49q@constant.demon.co.uk>
- Lines: 35
-
- slangley@constant.demon.co.uk (Simon Langley) writes:
-
- >Arturo Vega (arturo@informix.com) wrote:
- >: Hi,
- >:
- >: I have the following problem on SCOUnix V/386 v 3.2.2:
- >:
- >: Setuid programs revert to normal executables after any
- >: update, e.g. running "strip" on such a program will convert it
- >: back from setuid to normal.
- >:
- >My SVR4 system does the same thing. It also does this if I copy a suid
- >program (but not move). Although I don't know for sure, I would have thought
- >that this was a security feature. If you could copy a suid program into your
- >own directory and then edit it to create your own suid program this would be a
- >serious security hole; this would be a faff with a binary program on a system
- >that didn't allow suid shell scripts but it would be perfectly possible.
-
- In SCO UNIX 3.2.4, there is a kernel tunable parameter called SECCLEARID
- that, if you turn it off, will get rid of this behaviour. Why you would
- want to do so is a mystery to me, unless you -like- ruining your system
- security, but it's -your- box, and you can do with it what you will.
-
- If you care to give me the phone number, and a non-privileged account, I can
- show you how to become root inside 5 minutes once you've turned this off. %^}
-
- Note that SCO doesn't allow for setuid shell scripts -- again, that's a
- feature if you ask me. If I want something setuid, I'd just as soon that
- it wasn't world read-able as well.
-
- Cheers,
- --
- Steph Marr
- ...!uunet!sco!demesne!steph
- /* This is MY house, and MY machine. I'll say what I please. */
-
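The clear-on-modify behaviour discussed in this thread can be checked on a given machine with a small probe. This is an added example, not part of the original posts; it assumes a POSIX system, an unprivileged caller, and a writable `/tmp`, and the function names are made up for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Return only the set-uid/set-gid bits of a mode. */
static mode_t setid_bits(mode_t mode)
{
    return mode & (S_ISUID | S_ISGID);
}

/* Create a scratch file, mark it set-uid, append one byte, re-stat it.
 * Returns 1 if the write cleared the bit, 0 if it survived, -1 on error.
 * The /tmp template is an assumption; any writable local filesystem works. */
static int setuid_cleared_on_write(void)
{
    char path[] = "/tmp/setid_probe_XXXXXX";
    struct stat before, after;
    int result = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (fchmod(fd, S_ISUID | 0755) == 0 && fstat(fd, &before) == 0 &&
        (before.st_mode & S_ISUID) &&          /* bit really got set */
        write(fd, "x", 1) == 1 && fstat(fd, &after) == 0)
        result = setid_bits(after.st_mode) == 0 ? 1 : 0;
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int r = setuid_cleared_on_write();

    if (r < 0) {
        fprintf(stderr, "probe failed (could not create or mark file)\n");
        return 2;
    }
    printf("euid=%ld: set-uid bit %s after write\n", (long)geteuid(),
           r ? "cleared" : "KEPT");
    /* A privileged caller may legitimately keep the bit; only an
     * unprivileged result of "KEPT" means the protection is off. */
    return (r == 0 && geteuid() != 0) ? 1 : 0;
}
```

Run it as an ordinary user: exit status 0 means the kernel stripped the bit on write, 1 means an unprivileged write left it in place.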