More: Re: crontab reports: ....

1999-10-11 Thread Art Lemasters
All right, so what about the following?  Do programs sometimes
need to be unregistered as well?  Is the following a security
problem on my system?

/etc/cron.daily/suidmanager:
suidregister: /var/list/.bin/multigram registered but not installed
suidregister: /usr/lib/emacs/19.34/i386-debian-linux/movemail registered but not installed

Hmmm...will be reading-up on this suidregister stuff.

Art

On Sat, Oct 09, 1999 at 02:19:11AM -0700, Sean 'Shaleh' Perry wrote:
 On 09-Oct-99 Bruno Van de Casteele wrote:
[...]
  /etc/cron.daily/suidmanager:
  /usr/sbin/sendmail PERMISSION MISMATCH: was root.root 777 changed to root.root 4755
[...]
 It is less an error and more of a warning.  If you want to setuid a program,
 use suidregister.
[...]


RE: More: Re: crontab reports: ....

1999-10-11 Thread Pollywog

On 11-Oct-99 Art Lemasters wrote:
 All right, so what about the following?  Do programs sometimes
 need to be unregistered as well?  Is the following a security
 problem on my system?
 
 /etc/cron.daily/suidmanager:
 suidregister: /var/list/.bin/multigram registered but not installed
 suidregister: /usr/lib/emacs/19.34/i386-debian-linux/movemail registered but not installed

I get the same stuff after I upgrade but it goes away.  I have not been able
to find the script responsible for it.

--
Andrew


Re: More: Re: crontab reports: ....

1999-10-11 Thread Lawson Daku Max
Pollywog wrote:

 On 11-Oct-99 Art Lemasters wrote:
  All right, so what about the following?  Do programs sometimes
  need to be unregistered as well?  Is the following a security
  problem on my system?
 
  /etc/cron.daily/suidmanager:
  suidregister: /var/list/.bin/multigram registered but not installed
  suidregister: /usr/lib/emacs/19.34/i386-debian-linux/movemail registered but not installed

 I get the same stuff after I upgrade but it goes away.  I have not been able
 to find the script responsible for it.


If I remember correctly, it comes from /etc/suid.conf.
It's due to the fact that a package was removed but this file hasn't been
updated.

HTH


 --
 Andrew



RE: More: Re: crontab reports: ....

1999-10-11 Thread Todd Suess

see man suidregister, or you can edit the /etc/suid.conf file directly
and remove the offending lines.

-Todd



On Mon, 11 Oct 1999, Pollywog wrote:

 
 On 11-Oct-99 Art Lemasters wrote:
  All right, so what about the following?  Do programs sometimes
  need to be unregistered as well?  Is the following a security
  problem on my system?
  
  /etc/cron.daily/suidmanager:
  suidregister: /var/list/.bin/multigram registered but not installed
  suidregister: /usr/lib/emacs/19.34/i386-debian-linux/movemail registered but not installed
 
 I get the same stuff after I upgrade but it goes away.  I have not been able
 to find the script responsible for it.
 
 --
 Andrew
 
 
 
 


crontab reports: ....

1999-10-09 Thread Bruno Van de Casteele

- Original Message -
From: Cron Daemon [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, October 09, 1999 6:35 AM
Subject: Cron [EMAIL PROTECTED] run-parts --report /etc/cron.daily


 /etc/cron.daily/suidmanager:
 /usr/sbin/sendmail PERMISSION MISMATCH: was root.root 777 changed to root.root 4755


this may sound stupid... but what does this error message mean?


Bruno Van de Casteele
N.P. Puam[ICQ # CA957F]
Tune in at http://puam.cjb.net/


Re: crontab reports: ....

1999-10-09 Thread Dave Baker
  /etc/cron.daily/suidmanager:
  /usr/sbin/sendmail PERMISSION MISMATCH: was root.root 777 changed to root.root 4755
 
 
 this may sound stupid... but what does this error message mean?
 

This means that suidmanager found a problem with the sendmail executable
and fixed it.

Having permissions of 777 means that ANYONE can read/write/execute the
program.  The problem is in the WRITE portion - anyone with access to your
host can replace (or perhaps already has?) sendmail with their own
version.

Having permissions of 4755 means that group/other only have read and
execute permissions - the leading 4 indicates that the suid bit is set
(program runs under the uid of the owner of the program).


With an error like this popping up in the log file, I'd start checking the
system to see if the security has been compromised.

-dave

--
   | oOOooO   /  
 --|oOobodoO/   [EMAIL PROTECTED]
 --| ooOoOo   /
   |   II   / The wise man tells you where you have fallen
   |   II /  and where you may fall - Invaluable secrets.


Re: crontab reports: ....

1999-10-09 Thread Ben Collins
On Sat, Oct 09, 1999 at 11:54:41AM -0500, Dave Baker wrote:
   /etc/cron.daily/suidmanager:
   /usr/sbin/sendmail PERMISSION MISMATCH: was root.root 777 changed to root.root 4755
  
  
  this may sound stupid... but what does this error message mean?
  
 
 This means that suidmanager found a problem with the sendmail executable
 and fixed it.
 
 Having permissions of 777 means that ANYONE can read/write/execute the
 program.  The problem is in the WRITE portion - anyone with access to your
 host can replace (or perhaps already has?) sendmail with their own
 version.

I'm sure that /usr/sbin/sendmail is a symlink to the real MTA, which is why
it keeps showing up (the symlink always has mode 777). This could be
considered a bug in suidmanager. IMO, the package should add the correct
file to suidmanager rather than setting the symlink (since the symlink might
point to another file altogether if the admin sets it up that way).

Ben


Re: crontab reports: ....

1999-10-09 Thread Brian Servis
*- On  9 Oct, Ben Collins wrote about Re: crontab reports: 
 On Sat, Oct 09, 1999 at 11:54:41AM -0500, Dave Baker wrote:
   /etc/cron.daily/suidmanager:
   /usr/sbin/sendmail PERMISSION MISMATCH: was root.root 777 changed to root.root 4755
  
  
  this may sound stupid... but what does this error message mean?
  
 
 This means that suidmanager found a problem with the sendmail executable
 and fixed it.
 
 Having permissions of 777 means that ANYONE can read/write/execute the
 program.  The problem is in the WRITE portion - anyone with access to your
 host can replace (or perhaps already has?) sendmail with their own
 version.
 
 I'm sure that /usr/sbin/sendmail is a symlink to the real MTA, which is why
 it keeps showing up (the symlink always has mode 777). This could be
 considered a bug in suidmanager. IMO, the package should add the correct
 file to suidmanager rather than setting the symlink (since the symlink might
 point to another file altogether if the admin sets it up that way).
 

Or sendmail (the package) was originally installed and when it was
replaced with another MTA like exim the sendmail.postrm script did not
call suidunregister to remove the sendmail line from /etc/suid.conf.
Thus a bug in sendmail.
 
For exim, the following was added to my /etc/suid.conf with
suidregister:

exim /usr/sbin/exim root root 4755

and sendmail is a link to exim.

I have never had the sendmail package installed so I can't say for sure
if this is the case. Just another scenario.

-- 
Brian Servis
-- 

Mechanical Engineering  |  Never criticize anybody until you  
Purdue University   |  have walked a mile in their shoes,
[EMAIL PROTECTED]   |  because by that time you will be a
http://www.ecn.purdue.edu/~servis   |  mile away and have their shoes.
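
Added example, not part of the thread and not suidmanager's own code: a shell audit of a suid.conf-style list that reproduces the two reports discussed above ("registered but not installed" and the permission mismatch) and resolves a symlink to its target before comparing modes, the case Ben Collins describes. The five-field line format is assumed from the exim entry Brian Servis quotes; `audit_suid_conf`, `demo_run` and the fixture files are hypothetical names, and GNU `stat` and `readlink` are assumed.

```shell
#!/bin/sh
# Added example, not suidmanager's code. Entry format assumed from the exim
# line quoted in the thread: <package> <path> <owner> <group> <mode>
# Needs GNU coreutils (stat -c, readlink -f).

audit_suid_conf() {   # audit_suid_conf FILE; returns 1 if anything is reported
    rc=0
    while read -r pkg path owner group mode; do
        case $pkg in ''|'#'*) continue ;; esac
        case $mode in ''|*[!0-7]*)
            printf 'BADLINE %s: mode "%s" is not octal\n' "$path" "$mode"
            rc=1; continue ;;
        esac
        real=$path
        if [ -L "$path" ]; then
            # A symlink's own mode reads as 777 on Linux, so audit its target.
            real=$(readlink -f "$path") || real=$path
            printf 'NOTE %s is a symlink to %s\n' "$path" "$real"
        fi
        if [ ! -f "$real" ]; then
            printf 'MISSING %s registered but not installed (%s)\n' "$path" "$pkg"
            rc=1; continue
        fi
        actual=$(stat -c '%U %G %a' "$real")
        amode=${actual##* }
        if [ "${actual% *}" != "$owner $group" ] || [ $((0$amode)) -ne $((0$mode)) ]; then
            printf 'MISMATCH %s: is %s, registered %s %s %s\n' \
                "$real" "$actual" "$owner" "$group" "$mode"
            rc=1
        fi
        if [ $((0$amode & 02)) -ne 0 ]; then
            # The write bit for "other" is what lets any local user replace the file.
            printf 'WRITABLE %s is world-writable\n' "$real"
            rc=1
        fi
    done < "$1"
    return $rc
}

demo_run() {   # constructed fixture in a temp dir; no real system files touched
    d=$(mktemp -d) || return 2
    : > "$d/exim"; chmod 4755 "$d/exim"; ln -s exim "$d/sendmail"
    : > "$d/loose"; chmod 777 "$d/loose"
    og=$(stat -c '%U %G' "$d/exim")
    printf '%s\n' "sendmail $d/sendmail $og 4755" "loose $d/loose $og 4755" \
        "emacs $d/movemail $og 4755" > "$d/suid.conf"
    audit_suid_conf "$d/suid.conf" && status=0 || status=$?
    rm -rf "$d"
    return "$status"
}
demo_run || true
```

In the constructed fixture the `sendmail` symlink produces only a NOTE, because its target really is 4755; the 777 regular file and the stale `movemail` entry are the ones reported.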