"The open UNIX operating systems FreeBSD and Linux
Mandrake both have integrated shell security systems. The FreeBSD
program is located in /etc/security. The Mandrake Security Package
for Linux can be found in /usr/share/msec. These standard tools
are similar in functionality, but they limit the file system
integrity control to files with SUID and SGID flags. However,
Mandrake calculates MD5 file checksums differently from FreeBSD.

Usually a running program gains access to system resources
according to the rights of the user who runs it. Setting the SGID
and SUID flags changes this so that access rights are assigned
according to the file owner's rights. Thus, a running executable
owned by root gets unlimited access to system resources regardless
of who runs the program. In this case, setting the SUID and SGID
flags causes inheritance of the file owner's rights and the group
owner's rights, respectively. Privileges are then changed (usually
extended) only for the run time and only for the program. Other
processes launched by the application also inherit its rights.
Therefore, SUID and SGID flags should be set with caution and only
for those programs that cannot launch arbitrary tasks.

Tracing modifications made to new system files with SGID/SUID
flags is an extremely difficult task. But with enough experience
and caution, system services and settings can be modified without
changing standard file attributes (usually an administrator pays
attention to the dates a file was created and modified). The
following program traces changes made to all the files of a
specified directory using an integrity test based on an MD5
checksum, which prevents modifications from being masked."
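
The excerpt stops before the program it mentions. The sketch below is an added example, not the article's program: it records an MD5 checksum and the permission bits of every regular file under a directory, then reports drift from that baseline. The names snapshot, compare and demo are hypothetical, and it uses Python's hashlib instead of the platform md5 tools so the checksum format is the same on FreeBSD and Linux.

```python
import hashlib
import os
import stat
import tempfile

SPECIAL = stat.S_ISUID | stat.S_ISGID  # the flags the standard tools watch

def snapshot(root):
    """Map relative path -> (MD5 hex digest, permission bits) for regular files."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are not hashed
            digest = hashlib.md5()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            snap[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return snap

def compare(old, new):
    """Return sorted (path, finding) pairs describing drift from the baseline."""
    findings = []
    for path in sorted(set(old) | set(new)):
        if path not in old or path not in new:
            findings.append((path, "added" if path in new else "removed"))
            continue
        if old[path][0] != new[path][0]:
            findings.append((path, "content changed"))
        if (old[path][1] ^ new[path][1]) & SPECIAL:
            findings.append((path, "SUID/SGID flags changed"))
    return findings

def demo():
    """Constructed case: same size and modification time, different content."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "tool")
        with open(target, "wb") as fh:
            fh.write(b"original\n")
        baseline, before = snapshot(root), os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"modified\n")  # constructed sample edit, same length
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        unchanged = os.stat(target).st_mtime_ns == before.st_mtime_ns
        return unchanged, compare(baseline, snapshot(root))
```

In practice the baseline would be stored somewhere the monitored host cannot rewrite, since a checksum list kept beside the files it describes can be regenerated after a change.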