Subject: kde2 adds a *lot* of setuid-root programs!!!!
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Greg A. Woods@planix.com Greg A. Woods <woods@weird.com>
List: tech-security
Date: 05/24/2001 13:38:46
Has anyone audited even half of these?  From the names of them it
doesn't seem like most should even have to be setuid, let alone setuid-root!

Checking setuid files and devices:
Setuid additions:
-r-sr-xr-x 1 root wheel 92637 May 23 12:00:21 2001 /opt/pkg/bin/kbanner.kss
-r-sr-xr-x 1 root wheel 77226 May 23 12:00:22 2001 /opt/pkg/bin/kblankscrn.kss
-r-sr-xr-x 1 root wheel 87986 May 23 12:00:27 2001 /opt/pkg/bin/kblob.kss
-r-sr-xr-x 1 root wheel 91273 May 23 12:00:28 2001 /opt/pkg/bin/kbouboule.kss
-r-sr-xr-x 1 root wheel 118280 May 23 12:00:31 2001 /opt/pkg/bin/kbsod.kss
-rwsr-xr-x 1 root wheel 8980 May 23 11:51:34 2001 /opt/pkg/bin/kcheckpass
-rwxr-sr-x 1 root nogroup 104831 May 23 11:53:39 2001 /opt/pkg/bin/kdesud
-r-sr-xr-x 1 root wheel 84545 May 23 12:00:25 2001 /opt/pkg/bin/khop.kss
-r-sr-xr-x 1 root wheel 85906 May 23 12:00:21 2001 /opt/pkg/bin/klines.kss
-r-sr-xr-x 1 root wheel 86161 May 23 12:00:32 2001 /opt/pkg/bin/klorenz.kss
-r-sr-xr-x 1 root wheel 107163 May 23 12:00:25 2001 /opt/pkg/bin/kmatrix.kss
-rwsr-xr-x 1 root wheel 8043 May 23 12:00:07 2001 /opt/pkg/bin/konsole_grantpty
-r-sr-xr-x 1 root wheel 94737 May 23 12:00:19 2001 /opt/pkg/bin/kpolygon.kss
-rwsr-xr-x 1 root wheel 552770 May 23 17:11:03 2001 /opt/pkg/bin/kppp
-r-sr-xr-x 1 root wheel 86248 May 23 12:00:24 2001 /opt/pkg/bin/kpyro.kss
-r-sr-xr-x 1 root wheel 51443 May 23 12:00:30 2001 /opt/pkg/bin/krandom.kss
-r-sr-xr-x 1 root wheel 89002 May 23 12:00:23 2001 /opt/pkg/bin/krock.kss
-r-sr-xr-x 1 root wheel 106939 May 23 12:00:28 2001 /opt/pkg/bin/kscience.kss
-r-sr-xr-x 1 root wheel 95349 May 23 12:00:29 2001 /opt/pkg/bin/kslidescreen.kss
-r-sr-xr-x 1 root wheel 108755 May 23 12:00:31 2001 /opt/pkg/bin/kslideshow.kss
-r-sr-xr-x 1 root wheel 84352 May 23 12:00:20 2001 /opt/pkg/bin/kswarm.kss
-r-sr-xr-x 1 root wheel 23487 May 23 12:00:41 2001 /opt/pkg/bin/ksysguardd
-r-sr-xr-x 1 root wheel 108096 May 23 12:00:26 2001 /opt/pkg/bin/kvm.kss

very Very VERY scary!  some are *HUGE*!

what the heck is a .kss anyway?

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>
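
An added example, not part of the original post: a small triage script for a "Setuid additions" report in the format shown above. It decodes the mode string to separate setuid-root entries from setgid-only ones and sorts the setuid-root binaries largest first, since size is a rough proxy for how much code runs with root privilege. The function names are hypothetical and the sample lines are copied from the listing in the post.

```python
# Sample input: four lines copied from the report quoted in the post above.
SAMPLE = """\
Setuid additions:
-r-sr-xr-x 1 root wheel 92637 May 23 12:00:21 2001 /opt/pkg/bin/kbanner.kss
-rwsr-xr-x 1 root wheel 8980 May 23 11:51:34 2001 /opt/pkg/bin/kcheckpass
-rwxr-sr-x 1 root nogroup 104831 May 23 11:53:39 2001 /opt/pkg/bin/kdesud
-rwsr-xr-x 1 root wheel 552770 May 23 17:11:03 2001 /opt/pkg/bin/kppp
"""


def parse_line(line):
    """Parse one ls-style report line; return None for headers and junk."""
    # Fields: mode, links, owner, group, size, month, day, time, year, path
    fields = line.split(None, 9)
    if len(fields) != 10 or len(fields[0]) != 10 or not fields[4].isdigit():
        return None
    mode = fields[0]
    return {
        "path": fields[9],
        "owner": fields[2],
        "group": fields[3],
        "size": int(fields[4]),
        # 's' is the special bit with execute, 'S' the special bit without it.
        "setuid": mode[3] in "sS",  # owner-execute position
        "setgid": mode[6] in "sS",  # group-execute position
    }


def triage(report):
    """Return (setuid_root, other); setuid_root is sorted largest first."""
    setuid_root, other = [], []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["setuid"] and entry["owner"] == "root":
            setuid_root.append(entry)
        else:
            other.append(entry)
    setuid_root.sort(key=lambda e: e["size"], reverse=True)
    return setuid_root, other


if __name__ == "__main__":
    root_suid, rest = triage(SAMPLE)
    for e in root_suid:
        print(f"setuid-root {e['size']:>8} {e['path']}")
    for e in rest:
        kind = "setgid" if e["setgid"] else "other"
        print(f"{kind}:{e['group']} {e['size']:>8} {e['path']}")
```
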