Learn about Quintum's remote office and possibly win a $100 American Express® Gift Cheque! Click Here

^ click above ^

Let's discuss suid. Yes, the suid, which stands for 'Set-user-ID' root programs. As you can guess these programs run as root regardless of who is executing them. The reason suid programs are so dangerous is that interaction with the untrusted user begins before the program is even started. There are many other ways to confuse the program, using things like environment variables, signals, or anything you want. Exactly this 'confusion' of a program is a cause of frequent buffer overflows. More than 50 % of all major security bugs leading to releases of security advisors are due to suid programs. And some distributions are shipped with hundreds of these suid programs, most of which you'll probably never use. Of course there are few which are neccessary, in order that normal users can perform operations which are normally done by root. Now let's get to the root of the problem...

How can you find out about the suid programs on your system? The first thing to do is to get a list of all suid programs on your system and start the boring task of going through them. Unfortunately, I can't tell you here which you need, might need or don't need. But, again, fear not for logic is your best friend here. Just browse through the list of all suid programs, and find those that you use, sometimes or frequently or never use. But, I must warn you, the list could be looooong. Ok, here we go, type the following line(of course as root):

find / -type f -perm +6000 -ls

And the output, after awhile, depending on the number of suid programs on your system, will display.

Username:   Email:   Password: Confirm Password:   Join our new networking forums at WebProWorld! Ask your toughest networking questions or help your peers solve their issues.

Topics   Replies   Author  RedHat 6.0 5 dmcgill MySql Security 0 Delia hacking articles 1 Jackie

Now, let's pretend that you want to remove the suid permission on /bin/ping, as you don't plan on using it:

chmod -s /bin/ping

That's it! Feel free to browse through man pages of chmod to find out more if you want (thats 'man chmod'). Now the most annying fact is that you'll have to do it for ALL suid programs that you don't plan on using.

The other issue are files which don't belong to anyone, or don't belong to a group. These are also dangerous, as they provide more ways to manipulate your system. Also, an unowned file may be a signal indicating an intruder on your system. Let's find them:

find / -nouser -o -nogroup

Nothing? Heh, that's exactly what we expect! And if you find any, feel free to change the ownership of the file to any user you want, or to delete it. If you want to change the ownership you might want to check out the command 'chown', of course by typing 'man'chown'.

Now, the last but especially not the least important, the sudo. By configuring sudo you can enable normal users (any user other than root) to perform certain action usually reserved for root. Did you ever want to shutdown your PC as a normal, average user (this is for example purposes only, as I don't recommend it for security reasons) or perform any other action? Well thats exactly why I recommend configuring sudo. The file /etc/sudoers contains all that information. Now, as describing sudo and sudoers could eat up more space than easily covered by an article, I'm not going to describe and talk more about it, I'll leave that to you, remember, man pages are your friend, so 'man sudo' 'man sudoers' and in one afternoon you'll fix it perfectly. Problems? Don't have sudo? Just go here and download it. Keep exploring!

First appeared at Help Net Security