On Sun, Dec 07, 2003 at 03:48:03PM +0100, Markus Friedl wrote: > > On a server that you have shell access, you probably really need to add > > 'passwd' to the 'suid partitiion'. You may need some other things, > > on some of our servers, I have 'ping' as well. > it's not really necessary to have passwd setuid.
actually, I wasn't so much after passwd, this was just an example. the same rule applies for all more or less shared ressources where the individual users needs write access to under special constraints, but not generally - like with passwd, normal users should not have write access in general, but need for changing their passwords, thus a setuid passwd. This case can be worked around, others probably too, some probably not. the point was that a setuid or setgid binary in this case increases security over having write access for everyone. same rules apply for ressources where the ordinary user must not have read access except for the special cases. -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL PROTECTED] - [EMAIL PROTECTED] Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
