[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[linux-security] Re: rh62 suid files

From: Martin Macok <martin macok underground cz>
To: linux-security redhat com
Subject: [linux-security] Re: rh62 suid files
Date: Fri, 28 Jul 2000 12:04:36 +0200

On Fri, Jul 28, 2000 at 10:47:34AM +0200, Leos Bitto wrote:
> > Is /sbin/unix_chkpwd really used and what is it used for? I haven't find
> > anything about it in pam documentation.
> 
> It allows PAM modules (after some sanity checks - use the source, Luke!)
> to access /etc/shadow without further need for uid==0.

Anyway, it should be noted somewhere in pam docs. /sbin/pwdb_chkpwd is
meant there so /sbin/unix_chkpwd could be too.

I wonder there are root setuid binaries completely without documentation.
(I have to download sources from dialup/PPP :\ )

> > What is /usr/bin/sperl5.00503 (suidperl) being used for? Why this doesn't
> > have a manpage? Is it necessary?
> 
> It is necessary for perl to be able to properly execute scripts with suid
> bit set. Again: if you don't need that, feel free to delete suidperl.

As somebody noted in private mail, man perlsec explains it clearly. I vote
for linking suidperl->sperl->perlsec manpage ...

(just an OLD HISTORY note for interested:
http://www.cert.org/advisories/CA-97.17.sperl.html)

> > According to glibc documentation /usr/libexec/pt_chown doesn't need to be
> > setuid nor is not used at all on RH6.2 (see /usr/doc/glibc-2.1.3/INSTALL),
> > why does RH6.2 ships it setuid root?
> 
> /usr/libexec/pt_chown is being used for example by my favorite xterm
> clone, gnome-terminal. Every xterm-alike apllication needs to chown your
> tty. I think that doing it via a small wrapper (pt_chown) is much better
> way than giving suid bit to that whole application.

The documentation I noted (/usr/doc/glibc-2.1.3/INSTALL) says:
...
If you are using a 2.1 or newer Linux kernel with the `devptsfs' or
`devfs' filesystems providing pty slaves, you don't need this program;
otherwise you do.
...

Red Hat 6.x ships with 2.2.x with devptsfs compiled in. AFAIK xterm and
friends (rxvt, xterm, gnome-terminal ...) doesn't need
/usr/libexec/pt_chown, works well without it and they doesn't need to
be root setuid ...

> > Have a nice day
> 
> 2U2 :)

dtto. ;)

P.S. The world is so small ...

-- 
< Martin Mačok        martin macok underground cz           <iso-8859-2> 
  \\. http://kocour.ms.mff.cuni.cz/~macok/  http://underground.cz/ .//
    \\\..           .-=  t.r.u.s.t  n.0  o.n.e  =-.            ..///

Attachment: pgp00001.pgp
Description: PGP signature

References:
- rh62 suid files
  - From: Martin Macok
- [linux-security] Re: rh62 suid files
  - From: Leos Bitto

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]