Re: Of mice and men



Understand.

The original post said:

"with enough security that logged in as a normal user, I cannot change even
another user's data"

I had said:

"This would depend on how well the sysadm (you or otherwise) and your users
maintained their environment no?"

The response was:

In each of the cases you explain below, my point still stands. Your security is
only as good as the person who's maintaining it.

With regard to the SUID bit, I merely suggested that one should look at it.
Someone could download something, install something as a root user and be
_totally_ oblivious to the fact that now their machine has a security hole.
Or is that impossible? Maybe they've fixed this up now, I don't hack so I
don't really know.


JCE

"Richard" <riplin@xxxxxxxxxxxx> wrote in message
news:1115407949.715865.116550@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> So what does chmod do? Or do you somehow disable that from working?
>
> Someone can only chmod or chown files that they have permission to do
> so. So one can chmod _their_ files to give access to others, but they
> cannot gain permission for themselves.
>> Please check your system for programs set with the SUID bit
>> enabled then tell me you cannot run something like root.
> The suid bit on a program makes that program run as the owner of the
> file. If I set my programs (ie ones that I own) to suid then they run
> as my user and thus can access my files and directories. I could do
> that so that others could run my program to access those files without
> letting them access the files directly. ie it makes the files _more_
> secure. As it is _my_ program then only I can set the suid and I can
> control what the program does.
> Sometimes the suid is set for root owned files. This can only be set by
> root and cannot be set by, say, downloading a file and saving it to
> disk. In fact downloading won't even set the executable bits.
>
> The same argument applies. A suid root owned executable can, for
> example, update a file that users only have read access to. Thus
> ordinary users can only update via that program and they don't need
> write access. It is _more_ secure.
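
The check both posters are talking about ("look at" which programs carry the SUID bit), written as an added example that is not part of either poster's message: it lists set-user-ID and set-group-ID files under a directory and reports any that are missing from a list the administrator has already reviewed. The function names, the baseline file and its one-path-per-line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit set-id files against a baseline.

# setid_files DIR [OWNER]
# Print, sorted, every regular file under DIR that has the set-user-ID or
# set-group-ID bit. If OWNER (user name or numeric uid) is given, only
# files owned by that user are listed, e.g. "root".
setid_files() {
    if [ -n "${2:-}" ]; then
        find "$1" -xdev -type f -user "$2" \
            \( -perm -4000 -o -perm -2000 \) -print
    else
        find "$1" -xdev -type f \
            \( -perm -4000 -o -perm -2000 \) -print
    fi 2>/dev/null | sort
}

# new_setid DIR BASELINE [OWNER]
# Print set-id files under DIR that are NOT listed in BASELINE, a text
# file with one previously reviewed path per line (assumed format).
new_setid() {
    if [ ! -r "$2" ]; then
        echo "new_setid: cannot read baseline $2" >&2
        return 2
    fi
    # -F fixed strings, -x whole-line match, -v keep lines not in baseline.
    # grep exits 1 when nothing is new; that is not an error here.
    setid_files "$1" "${3:-}" | grep -Fxv -f "$2" || true
}

# Command-line use: sh audit.sh DIR BASELINE [OWNER]
if [ "$#" -ge 2 ]; then
    new_setid "$@"
fi
```

Create the baseline once with `setid_files / root > baseline.txt` after reviewing the list, then rerun `new_setid / baseline.txt root` after each install done as root.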

