Suid and gid files

Robert Watson rwatson at freebsd.org
Mon Jun 23 08:38:07 PDT 2003


On Mon, 23 Jun 2003, Socketd wrote:

> I just installed FreeBSD 5.1 release and ran a "find / -perm +4000" and
> "find / -perm +2000". My question is: are any of these files used by the
> system, in a way that prevents me from making them non-executable to the
> world?  I have no shell users and don't use sendmail. 

Setuid can be turned off on pretty much all of the binaries; however, as
you turn off setuid bits, more and more things will not work for
unprivileged users.  During normal system operation, privileges are
usually "dropped" as opposed to "acquired", so the exceptions are usually
for access to raw sockets, system devices, etc.  I recently removed the
setuid bit from the quota command in -CURRENT, and am in the throes of
reviewing the remaining setuid/setgid pieces as part of developing our
Security Architecture document. 

The one potentially problematic case that comes to mind is mail submission
by sendmail; mechanisms such as cron, at, etc., expect to be able to
generate mail from unprivileged users and that may break if you use
sendmail as the MTA but without setuid.  There are mail systems that don't
require setuid, instead relying on LMTP, which might be preferable in your
environment.  I also find su very helpful, FWIW :-). 

> Btw why is /usr/sbin/ppp world readable? (not that it matters) 

sproing:/usr/sbin> ls -l ppp
-r-sr-xr--  1 root  network  367304 May  8 15:16 ppp*

Yeah, that is a little inconsistent, although not harmful as far as I can
tell.  I'll remove the read bit in -CURRENT and we'll see if anyone
complains :-). 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories
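
Added example, not part of the original message and not FreeBSD project code: a POSIX sh audit that lists setuid/setgid files under a tree and tags what "other" users can do with each one, which is the information needed when deciding which bits to strip. The function names classify_mode and audit_tree are hypothetical; the mode string in the comments is the ppp entry quoted above.

```shell
#!/bin/sh
# Added example: inventory setuid/setgid files and tag world access.

# classify_mode MODE: take an ls-style mode string (e.g. -r-sr-xr--)
# and print space-separated tags describing the bits of interest.
classify_mode() {
    _mode=$1
    _flags=""
    # Character 4 is the owner execute slot: s or S means setuid.
    case $_mode in ???[sS]*) _flags="$_flags setuid" ;; esac
    # Character 7 is the group execute slot: s or S means setgid.
    case $_mode in ??????[sS]*) _flags="$_flags setgid" ;; esac
    # Characters 8-10 are the "other" read/write/execute slots.
    case $_mode in ???????r*) _flags="$_flags world-readable" ;; esac
    case $_mode in ????????w*) _flags="$_flags world-writable" ;; esac
    case $_mode in ?????????[xt]*) _flags="$_flags world-executable" ;; esac
    echo "${_flags# }"
}

# audit_tree [ROOT]: print one tab-separated line per setuid/setgid file:
# mode, owner:group, tags, path. Paths containing newlines are not handled.
audit_tree() {
    _root=${1:-/}
    # "-perm -4000" means "setuid bit set" and is accepted by both BSD and
    # GNU find; -xdev keeps the walk on the starting filesystem.
    find "$_root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r _path; do
        ls -ld "$_path" | {
            read -r _m _links _owner _group _rest
            printf '%s\t%s:%s\t%s\t%s\n' \
                "$_m" "$_owner" "$_group" "$(classify_mode "$_m")" "$_path"
        }
    done
}

# Example invocation (left commented so sourcing the file has no side effects):
# audit_tree /usr/sbin
```

Files tagged setuid but not world-executable, like the ppp entry above, are already limited to the owning group; the ones tagged world-executable are the candidates to review first.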



