wrote:
> I recently scanned my system for programs owned by root that have the
> suid bit set, and found not one but about 200 such programs. Can this
> possibly be justified?
Not usually.
> Could there be a problem if I just run a script that removes the suid
> bit from all of them?
Yes. You need *some* setuid programs (unless you only ever log in as
root, which is probably a bigger security risk than 200 setuid
binaries).
> What script would I use for that anyway?
find / -type f -perm /6000 -exec chmod ug-s {} \;
--
Glynn Clements <[EMAIL PROTECTED]>
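
The reply above says some setuid programs are needed, so removing the bit from everything is unsafe. The sketch below is an added example, not part of the original message: it lists setuid/setgid files with the portable `-perm -4000 -o -perm -2000` test, compares them to an allowlist, and strips only the rest. The function names, the allowlist file (one absolute path per line) and the `DRY_RUN` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review setuid/setgid files against an allowlist before
# removing any bits. What belongs on the allowlist is site-specific.

# List regular files under $1 with the setuid or setgid bit set.
# -xdev keeps the walk on one filesystem (skips /proc, network mounts, ...).
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print setuid/setgid files under $1 that are NOT listed in allowlist file $2.
# grep -F -x does exact whole-line matching, so paths are never treated as regexes.
unexpected_suid_sgid() {
    list_suid_sgid "$1" | grep -Fvx -f "$2" || true   # "no output" is not an error
}

# Remove the bits from unexpected files only.
# DRY_RUN defaults to 1: print what would change and touch nothing.
strip_unexpected() {
    unexpected_suid_sgid "$1" "$2" | while IFS= read -r f; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'would run: chmod ug-s %s\n' "$f"
        else
            chmod ug-s "$f"
        fi
    done
}
```

Run `strip_unexpected / /path/to/allowlist` first with the default dry run, review the output, then repeat with `DRY_RUN=0`.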