Mailinglist Archive: opensuse-security (423 mails)
| < Previous | Next > |
SUID/SGID after harden_SuSE
- From: Corvin Russell <corvinr@xxxxxxxxxxxx>
- Date: Mon, 26 Mar 2001 13:45:10 -0500
- Message-id: <20010326134510.A23507@xxxxxxxxxxxxxxxxxxxxxx>
Hello all,
I have run harden_suse on my box, and answered "yes" to all its prompts.
The following files are still suid/sgid: do all of them need to be?
TIA
Corvin
+ -rwsr-x--- 1 root audio 14880 Mar 22 05:34 /bin/eject
+ -rwsr-xr-x 1 root root 67236 Mar 22 03:51 /bin/mount
+ -rwsr-xr-x 1 root root 20908 Mar 22 03:52 /bin/ping
+ -rwsr-xr-x 1 root root 19636 Mar 22 04:04 /bin/ping6
+ -rwsr-xr-x 1 root root 22594 Mar 22 03:51 /bin/su
+ -rwsr-xr-x 1 root root 34568 Mar 22 03:51 /bin/umount
+ -rwxr-sr-x 1 root shadow 10967 Mar 23 02:26 /opt/kde2/bin/kcheckpass
+ -rwxr-sr-x 1 root nogroup 82968 Mar 23 02:26 /opt/kde2/bin/kdesud
+ -rwxr-sr-x 1 root tty 3772 Mar 23 02:26 /opt/kde2/bin/konsole
+ -rwsr-xr-x 1 root root 5344 Mar 23 02:26 /opt/kde2/bin/konsole_grantpty
+ -rwsr-x--- 1 root trusted 15501 Mar 22 05:34 /sbin/cardctl
+ -rwxr-sr-x 1 root shadow 20261 Mar 22 03:50 /sbin/unix_chkpwd
+ -rws--x--x 1 root root 1773168 Mar 22 04:08 /usr/X11R6/bin/XFree86
+ -rwsr-xr-x 1 root root 7560 Mar 22 04:08 /usr/X11R6/bin/Xwrapper
+ -rwxr-sr-x 1 root tty 95456 Mar 22 04:10 /usr/X11R6/bin/wterm
+ -rwxr-sr-x 1 root shadow 1119648 Mar 22 04:10 /usr/X11R6/bin/xlock
+ -rwxr-sr-x 1 root tty 276828 Mar 23 02:14 /usr/X11R6/bin/xterm
+ -rwsr-x--- 1 root trusted 35868 Mar 22 05:34 /usr/bin/at
+ -rwsr-x--- 1 root trusted 27032 Mar 22 05:34 /usr/bin/bing
+ -rwsr-xr-x 1 root shadow 34460 Mar 22 04:46 /usr/bin/chage
+ -rwsr-xr-x 1 root shadow 28184 Mar 22 04:46 /usr/bin/chfn
+ -rwsr-xr-x 1 root shadow 26000 Mar 22 04:46 /usr/bin/chsh
+ -rwsr-x--- 1 root trusted 22560 Mar 22 05:34 /usr/bin/crontab
+ -rwsr-xr-x 1 root shadow 18360 Mar 22 04:46 /usr/bin/expiry
+ -rwsr-x--- 1 root trusted 37076 Mar 22 05:34 /usr/bin/gpasswd
+ -rwsr-xr-x 1 man root 92512 Mar 22 03:50 /usr/bin/man
+ -rwsr-xr-x 1 root root 21432 Mar 22 03:51 /usr/bin/newgrp
+ -rwsr-xr-x 1 root shadow 26780 Mar 22 03:51 /usr/bin/passwd
+ -rwsr-xr-x 1 root root 15544 Mar 22 03:52 /usr/bin/rcp
+ -rwsr-xr-x 1 root root 11160 Mar 22 03:52 /usr/bin/rlogin
+ -rwsr-xr-x 1 root root 8304 Mar 22 03:52 /usr/bin/rsh
+ -rwsr-xr-x 1 root root 85432 Mar 22 03:53 /usr/bin/sudo
+ -rwsr-x--- 1 root trusted 8856 Mar 22 05:34 /usr/bin/ziptool
+ -rwsr-xr-x 1 root root 5856 Mar 22 03:50 /usr/lib/pt_chown
+ -rwxr-sr-x 1 root maildrop 77277 Mar 24 00:06 /usr/sbin/postdrop
+ -rwsr-s--- 1 root dialout 176288 Mar 22 05:34 /usr/sbin/pppd
+ -rwsr-s--- 1 root dialout 5324 Mar 23 02:40 /usr/sbin/pppoedsp
+ -rwsr-xr-x 1 root root 20408 Mar 22 04:04 /usr/sbin/traceroute
--
Corvin Russell <corvinr@xxxxxxxxxxxx>
I have run harden_suse on my box, and answered "yes" to all its prompts.
The following files are still suid/sgid: do all of them need to be?
TIA
Corvin
+ -rwsr-x--- 1 root audio 14880 Mar 22 05:34 /bin/eject
+ -rwsr-xr-x 1 root root 67236 Mar 22 03:51 /bin/mount
+ -rwsr-xr-x 1 root root 20908 Mar 22 03:52 /bin/ping
+ -rwsr-xr-x 1 root root 19636 Mar 22 04:04 /bin/ping6
+ -rwsr-xr-x 1 root root 22594 Mar 22 03:51 /bin/su
+ -rwsr-xr-x 1 root root 34568 Mar 22 03:51 /bin/umount
+ -rwxr-sr-x 1 root shadow 10967 Mar 23 02:26 /opt/kde2/bin/kcheckpass
+ -rwxr-sr-x 1 root nogroup 82968 Mar 23 02:26 /opt/kde2/bin/kdesud
+ -rwxr-sr-x 1 root tty 3772 Mar 23 02:26 /opt/kde2/bin/konsole
+ -rwsr-xr-x 1 root root 5344 Mar 23 02:26 /opt/kde2/bin/konsole_grantpty
+ -rwsr-x--- 1 root trusted 15501 Mar 22 05:34 /sbin/cardctl
+ -rwxr-sr-x 1 root shadow 20261 Mar 22 03:50 /sbin/unix_chkpwd
+ -rws--x--x 1 root root 1773168 Mar 22 04:08 /usr/X11R6/bin/XFree86
+ -rwsr-xr-x 1 root root 7560 Mar 22 04:08 /usr/X11R6/bin/Xwrapper
+ -rwxr-sr-x 1 root tty 95456 Mar 22 04:10 /usr/X11R6/bin/wterm
+ -rwxr-sr-x 1 root shadow 1119648 Mar 22 04:10 /usr/X11R6/bin/xlock
+ -rwxr-sr-x 1 root tty 276828 Mar 23 02:14 /usr/X11R6/bin/xterm
+ -rwsr-x--- 1 root trusted 35868 Mar 22 05:34 /usr/bin/at
+ -rwsr-x--- 1 root trusted 27032 Mar 22 05:34 /usr/bin/bing
+ -rwsr-xr-x 1 root shadow 34460 Mar 22 04:46 /usr/bin/chage
+ -rwsr-xr-x 1 root shadow 28184 Mar 22 04:46 /usr/bin/chfn
+ -rwsr-xr-x 1 root shadow 26000 Mar 22 04:46 /usr/bin/chsh
+ -rwsr-x--- 1 root trusted 22560 Mar 22 05:34 /usr/bin/crontab
+ -rwsr-xr-x 1 root shadow 18360 Mar 22 04:46 /usr/bin/expiry
+ -rwsr-x--- 1 root trusted 37076 Mar 22 05:34 /usr/bin/gpasswd
+ -rwsr-xr-x 1 man root 92512 Mar 22 03:50 /usr/bin/man
+ -rwsr-xr-x 1 root root 21432 Mar 22 03:51 /usr/bin/newgrp
+ -rwsr-xr-x 1 root shadow 26780 Mar 22 03:51 /usr/bin/passwd
+ -rwsr-xr-x 1 root root 15544 Mar 22 03:52 /usr/bin/rcp
+ -rwsr-xr-x 1 root root 11160 Mar 22 03:52 /usr/bin/rlogin
+ -rwsr-xr-x 1 root root 8304 Mar 22 03:52 /usr/bin/rsh
+ -rwsr-xr-x 1 root root 85432 Mar 22 03:53 /usr/bin/sudo
+ -rwsr-x--- 1 root trusted 8856 Mar 22 05:34 /usr/bin/ziptool
+ -rwsr-xr-x 1 root root 5856 Mar 22 03:50 /usr/lib/pt_chown
+ -rwxr-sr-x 1 root maildrop 77277 Mar 24 00:06 /usr/sbin/postdrop
+ -rwsr-s--- 1 root dialout 176288 Mar 22 05:34 /usr/sbin/pppd
+ -rwsr-s--- 1 root dialout 5324 Mar 23 02:40 /usr/sbin/pppoedsp
+ -rwsr-xr-x 1 root root 20408 Mar 22 04:04 /usr/sbin/traceroute
--
Corvin Russell <corvinr@xxxxxxxxxxxx>
| < Previous | Next > |