[ Thanks to LogError for this link.
]
“Here we go again. There are still some little touches left to
make your linux even a bit more secure, involving suid, nouser,
sudo and etc. Now, this article is also newbie friendly, but also
it requires some small amount of knowledge. Fear not, for I shall
explain everything as painfully as I can. So sit back, grab
yourself your favorite drink, some peanuts and relax. 3,2,1…”
“As I have written in my previous article “Securing a default
Linux distribution”… there’s no such thing as an absolute
security. Now that you’re aware of this let’s discuss suid. Yes,
the suid, wich stands for ‘Set-user-ID’ root programs. As
you can guess these programs run as root regardless of who is
executing them. The reason suid programs are so dangerous is that
interaction with the untrusted user begins before the program is
even started. There are many other ways to confuse the
program, using things like environment variables, signals, or
anything you want. Exactly this ‘confusion’ of a program is a cause
of frequent buffer overflows. More than 50 % of all major security
bugs leading to releases of security advisors are accounted to suid
programs. And some distributions are shipped with hundreds of these
suid programs, most of which you’ll probably never use. Of course
there are few wich are neccessary, in order that normal user might
perform operations wich are normally done by root. Now let’s get to
the root of the problem…”
“How can you find out about the suid programs on your system:
the thing to do is to get a list of all suid programs on your
system and start the boring task of going through them.
Unfortunately, I can’t tell you here wich you need, might need or
don’t need. But, again, fear not for logic is your best friend
here. Just browse through the list of all suid programs, and find
those that you use, sometimes or frequently or never use. But, I
must warn you, the list could be looooong.”