Guillaume has already documented some of these. I just want to urge you to completely remove rcp, rlogin, and rsh. It will make your security folks happier, and your system safer.
I have to wonder, though, just how experienced your security group is, if they don't understand why those programs are setuid in the first place. It's not like developers threw that in just for the fun of it.

Mark Post

-----Original Message-----
From: Marcy Cortes [mailto:[EMAIL PROTECTED]
Sent: Monday, January 05, 2004 2:59 PM
To: [EMAIL PROTECTED]
Subject: Setuid programs on SLES 7 & 8

Our security group wants us to turn off setuid for all programs or document why it's there.

SLES 7 seems to have the following:
mount ping umount at chage chfn chsh crontab gpasswd rlogin rcp rsh sendmail traceroute

SLES 8 has all the above except for rcp rlogin rsh sendmail & traceroute

Is everything going to fall apart if I change them? Or can anyone point out why these programs need it so I can justify it to them?

Thanks!

Marcy Cortes
Wells Fargo Services Company
