Security Portal: Shredding Access in the Name of Security: Set UID Audits
Jun 26, 2000, 09:27
(Other stories by Jay Beale)
"Almost every time I read an article on securing a Unix/Linux box, I find a glaring omission. They all discuss turning off unneeded services, like ftp and telnet, but rarely do they cover the next step of performing a SUID audit. Just as most services are a danger because they often run as root, SUID root programs always run as root. The danger here is that if someone obtains an account on your computer, legitimately or otherwise, SUID root programs present them a potential means for grabbing root access."
"In this article, I'll introduce Linux/Unix file permissions, root privilege and the SUID path to root. Then I'll help you run a SUID audit on your system, using Red Hat 6.2 as an example. While Bastille Linux also runs an audit, there are some really great concepts and practices here for your everyday use; furthermore, you have more options doing this manually. Let's start by discussing Unix/Linux file permissions."