Net-Security.org: Suid programs, getting to the root of the problem
Oct 16, 2000, 15:45
(Other stories by Aleksandar Stancin)
[ Thanks to LogError for this link. ]
"Here we go again. There are still some little touches left to make your linux even a bit more secure, involving suid, nouser, sudo and etc. Now, this article is also newbie friendly, but also it requires some small amount of knowledge. Fear not, for I shall explain everything as painfully as I can. So sit back, grab yourself your favorite drink, some peanuts and relax. 3,2,1..."
"As I have written in my previous article "Securing a default Linux distribution"... there's no such thing as an absolute security. Now that you're aware of this let's discuss suid. Yes, the suid, which stands for 'Set-user-ID' root programs. As you can guess these programs run as root regardless of who is executing them. The reason suid programs are so dangerous is that interaction with the untrusted user begins before the program is even started. There are many other ways to confuse the program, using things like environment variables, signals, or anything you want. Exactly this 'confusion' of a program is a cause of frequent buffer overflows. More than 50% of all major security bugs leading to releases of security advisors are accounted to suid programs. And some distributions are shipped with hundreds of these suid programs, most of which you'll probably never use. Of course there are few which are necessary, in order that normal user might perform operations which are normally done by root. Now let's get to the root of the problem..."
"How can you find out about the suid programs on your system: the thing to do is to get a list of all suid programs on your system and start the boring task of going through them. Unfortunately, I can't tell you here which you need, might need or don't need. But, again, fear not for logic is your best friend here. Just browse through the list of all suid programs, and find those that you use, sometimes or frequently or never use. But, I must warn you, the list could be looooong."
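The inventory step described in the excerpt, as an added example that is not code from the quoted article or from Net-Security.org: it lists setuid files and reports the ones missing from a reviewed allowlist, so repeat runs show only what still needs a decision. The function names, the allowlist file format and the paths in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: inventory setuid files and flag any not yet reviewed.

# list_suid DIR
# Print every regular file under DIR that has the setuid bit (mode 4000)
# set, one path per line, sorted. -xdev keeps find from crossing into
# other mounted filesystems (NFS, /proc).
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# audit_suid DIR ALLOWLIST
# ALLOWLIST (hypothetical file) holds one reviewed path per line;
# blank lines and lines starting with '#' are ignored.
# Prints "UNREVIEWED <owner> <path>" for each setuid file missing from it.
# Returns 0 if every setuid file is on the list, 1 otherwise.
audit_suid() {
    known=$(mktemp) found=$(mktemp)
    grep -Ev '^[[:space:]]*(#|$)' "$2" | LC_ALL=C sort -u > "$known"
    list_suid "$1" > "$found"
    # comm -13 keeps lines that appear only in the second (found) file.
    unexpected=$(LC_ALL=C comm -13 "$known" "$found")
    rm -f "$known" "$found"
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected" | while IFS= read -r f; do
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        printf 'UNREVIEWED %s %s\n' "$owner" "$f"
    done
    return 1
}

# Runs only when given arguments (hypothetical paths), e.g.:
#   sh suid_audit.sh / /etc/suid.allow
if [ "$#" -ge 2 ]; then
    audit_suid "$1" "$2"
fi
```

Because of `-xdev`, each separately mounted filesystem (for example a dedicated /usr partition) needs its own run.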