Subject: Re: setuid files
To: Daniel Eggert <eggert@macvaerk.dtu.dk>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-help
Date: 04/24/2003 09:00:57

On Thu, 24 Apr 2003, Daniel Eggert wrote:

> I got this in my daily output. Should I worry? What's the deal with
> setuid for these binaries?

You should worry after you review it and know that the setuid/setgid
program was not from the upgrade.

I won't answer for all of these; some searches may have answers for each
one.

> -r-sr-xr--  1  root  operator  342912  Apr  23  06:28:38  2003
> /sbin/shutdown

A user in group operator can run shutdown, which will be executed with root
privileges to do the shutdown.

> -r-sr-xr-x  4  root  wheel     23876   Apr  23  06:29:21  2003
> /usr/bin/atrm

A user can run atrm (and batch, atq and at) to delete (queue or examine)
their job.

> -r-sr-xr-x  3  root  wheel     22584   Apr  23  06:29:39  2003
> /usr/bin/chfn

A regular user can use chfn (and chpass and chsh) to update their own
user database info in the master.passwd file. It is executed with
superuser privileges so this file can be modified.

> -r-sr-xr-x  1  root  wheel     28004   Apr  23  06:29:50  2003
> /usr/bin/crontab

A regular user can maintain their own personal crontabs.

> -r-sr-xr-x  1  root  wheel     28660   Apr  23  06:30:47  2003
> /usr/bin/login

> -r-sr-xr-x  2  root  wheel     20512   Apr  23  06:31:18  2003
> /usr/bin/passwd

A regular user can change their password in the secure master.passwd file.

> -r-sr-xr-x  1  root  wheel     18036   Apr  23  06:31:48  2003
> /usr/bin/su

Like login, it needs root privileges to authenticate and to set the user
(and group) for the new user.

> -r-xr-sr-x  1  root  kmem      38112   Apr  23  06:32:32  2003
> /usr/bin/vmstat

Runs as group kmem so it can access /dev/kmem (which is readable by group
kmem).

> -r-xr-sr-x  1  root  games     186916  Apr  23  06:26:17  2003
> /usr/games/battlestar

Games often run as group games so scores can be recorded, but regular
users can't modify them :)

> -r-xr-sr-x  1  root  maildrop  93252   Apr  23  06:23:53  2003
> /usr/sbin/postdrop

Needs to be setgid so a regular user can get their mail into postfix's
maildrop directory (versus having the directory writable by everyone).

Anyways, some setuid/setgid tools can be rewritten to get rid of their
enhanced privileges.

   Jeremy C. Reed
   http://bsd.reedmedia.net/
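
Added example, not part of the original message or of NetBSD's own scripts: a small Python check that parses a listing in the format quoted in this thread, decodes which identity each binary runs as, and reports entries that differ from a reviewed baseline. The baseline contents, the `/usr/local/bin/helper` entry and the function names are assumptions made for illustration; paths are assumed to contain no whitespace.

```python
import re

# One record: mode, links, owner, group, size, date (4 fields), path.
# \s+ also matches the line break that mail quoting put before the path.
RECORD = re.compile(
    r"([-bcdlps][-rwxsStT]{9})\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+"
    r"\S+\s+\d+\s+[\d:]+\s+\d{4}\s+(/\S+)"
)

def parse_listing(text):
    """Return a list of dicts, one per setuid/setgid entry in the listing."""
    text = re.sub(r"^>\s?", "", text, flags=re.M)  # drop mail quote markers
    entries = []
    for mode, _links, owner, group, _size, path in RECORD.findall(text):
        bits = []
        if mode[3] in "sS":   # owner-execute slot: runs with the owner's uid
            bits.append(("setuid", owner))
        if mode[6] in "sS":   # group-execute slot: runs with the file's gid
            bits.append(("setgid", group))
        if bits:
            entries.append({"path": path, "mode": mode, "bits": bits})
    return entries

def unexpected(entries, baseline):
    """Entries whose path or privilege bits differ from the reviewed baseline."""
    return [e for e in entries if baseline.get(e["path"]) != e["bits"]]

# Baseline (assumed): entries explained in the message above.
BASELINE = {
    "/sbin/shutdown": [("setuid", "root")],
    "/usr/bin/su": [("setuid", "root")],
    "/usr/bin/vmstat": [("setgid", "kmem")],
    "/usr/sbin/postdrop": [("setgid", "maildrop")],
}

# Two entries as quoted in the thread, plus one constructed entry (helper).
SAMPLE = """\
> -r-sr-xr--  1  root  operator  342912  Apr  23  06:28:38  2003
> /sbin/shutdown
> -r-xr-sr-x  1  root  kmem      38112   Apr  23  06:32:32  2003
> /usr/bin/vmstat
-r-sr-sr-x  1  root  wheel  9000  Apr  23  07:00:00  2003  /usr/local/bin/helper
"""

if __name__ == "__main__":
    for e in unexpected(parse_listing(SAMPLE), BASELINE):
        print("REVIEW", e["mode"], e["path"], e["bits"])
```
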