IBM developerWorks : Linux : Education - Tutorials
LPI certification 102 exam prep, Part 3
4. Security overview
Finding SUID/SGID programs (page 5 of 21)


A malicious user seeking root access will always look for programs on the system that have the SUID or SGID bit set. As we discussed in Part 3 of the LPI 101 series, these bits cause the program to always run as the user or group that owns the file. Sometimes this is required for proper functioning of the program. The problem is that any program may contain a bug that would allow the user to gain privileges if the program is used improperly.

You should consider each program carefully to determine if it needs to have its SUID or SGID bits on. There may be SUID/SGID programs on your system that you don't need at all.

To search for programs of this nature, use the find command. For example, we could start searching for SUID/SGID programs in the /usr directory:


# cd /usr
# find . -type f -perm /6000 -xdev -exec ls -l {} \;
-rwsr-sr-x    1 root     root       593972 11-09 12:47 ./bin/gpg
-r-xr-sr-x    1 root     man         38460 01-27 22:13 ./bin/man
-rwsr-xr-x    1 root     root        15576 09-29 22:51 ./bin/rcp
-rwsr-xr-x    1 root     root         8256 09-29 22:51 ./bin/rsh
-rwsr-xr-x    1 root     root        29520 01-17 19:42 ./bin/chfn
-rwsr-xr-x    1 root     root        27500 01-17 19:42 ./bin/chsh
-rwsr-xr-x    1 lp       root         8812 01-15 23:21 ./bin/lppasswd
-rwsr-x---    1 root     cron        10476 01-15 22:16 ./bin/crontab

In this list, I've already found a candidate for closer inspection: lppasswd is part of the CUPS printing software distribution. Since I don't provide print services on my system, I might consider removing CUPS, which will also remove the lppasswd program. There may be no security-compromising bugs in lppasswd, but why take the chance on a program I'm not using? Similarly, all services that you don't use should be turned off. You can always enable them if and when you need them.
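The find command above answers the question once; what a practitioner really wants is to know when the set of SUID/SGID files changes. The following script is an added example (not part of the tutorial) that records a baseline of SUID/SGID files under a directory tree and reports anything that later appears outside that baseline. It assumes GNU find (for -printf and the modern -perm /6000 syntax, which replaces the older -perm +6000 form) and the coreutils comm utility.

```shell
#!/bin/sh
# Added example, not from the tutorial: baseline and re-check SUID/SGID files.
# Assumes GNU find (-printf, -perm /MODE) and coreutils comm.

# list_suid_sgid DIR
#   Print "mode owner group path" for every regular file under DIR that has
#   the SUID or SGID bit set, staying on DIR's filesystem (-xdev) and sorted
#   so the output can be compared with comm. Permission errors are silenced
#   because an unprivileged run would otherwise flood the output.
list_suid_sgid() {
    find "$1" -xdev -type f -perm /6000 -printf '%M %u %g %p\n' 2>/dev/null | sort
}

# save_baseline DIR FILE
#   Record the current SUID/SGID inventory of DIR in FILE.
save_baseline() {
    list_suid_sgid "$1" > "$2"
}

# check_baseline DIR FILE
#   Print every SUID/SGID file under DIR that is not in the baseline FILE
#   (comm -13 keeps lines unique to the second input). Returns 1 when
#   something new was found so the caller can alert, 0 otherwise.
check_baseline() {
    new=$(list_suid_sgid "$1" | comm -13 "$2" -)
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Typical use (run as root to see the whole tree):
#   save_baseline /usr /var/lib/suid-baseline.txt      # once, after review
#   check_baseline /usr /var/lib/suid-baseline.txt     # from cron; non-zero means investigate
```

A change in the baseline is not itself a compromise; a package upgrade legitimately adds or removes SUID binaries, so each new entry should be traced back to its package before the baseline is refreshed.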

