Hello, I was wondering: while SuSE are working on the fixes to these latest kernel problems is it sensible to remove suid privilege from newgrp? What functionality would be lost? I realise that newgrp is not the culprit and that disabling it would not properly fix the problem, but it should be a useful protection against script kiddies. Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
Hi Bob! On Mon, 22 Oct 2001, Bob Vickers wrote:
Hello,
I was wondering: while SuSE are working on the fixes to these latest kernel problems is it sensible to remove suid privilege from newgrp? What functionality would be lost?
I realise that newgrp is not the culprit and that disabling it would not properly fix the problem, but it should be a useful protection against script kiddies.
Any suid program would quality for a try, if I understood corectly the advisory. A quite idea would be just to write a really simple kernel module to hook sys_ptrace to do nothing. Only root can add or remove modules, so a user cannot do much. How about that? -- teodor
Hello,
I was wondering: while SuSE are working on the fixes to these latest kernel problems is it sensible to remove suid privilege from newgrp? What functionality would be lost?
None, actually. If you have users on your system that belong to several groups and need to switch their primary groups every now and then, then you'd need to have the newgrp program setuid root. Otherwise, you should not suffer from the loss of it.
I realise that newgrp is not the culprit and that disabling it would not properly fix the problem, but it should be a useful protection against script kiddies.
Yes. None of the SuSE scripts and suse-specific packages uses the newgrp binary, so you should be safe disabling it (chmod -s `which newgrp`).
Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk
While we're talking about it: We are preparing the updates for the kernel
packages. If you want to test the new kernels, go to
ftp://ftp.suse.com/pub/people/mantel/next/ and chose your kernel rpm. The
one for 2.2.19 is currently missing. :-( Anyway, Hubert Mantel has
included all currently available fixes for both 2.2 and 2.4 series
kernels. The announcement follows by the second half of this week.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (3)
-
Bob Vickers
-
Roman Drahtmueller
-
Teodor Cimpoesu