Subject: Re: kde2 adds a *lot* of setuid-root programs!!!!
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Jasper Wallace <jasper@pointless.net>
List: tech-security
Date: 05/24/2001 19:46:03
-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 24 May 2001, Greg A. Woods@planix.com Greg A. Woods wrote:

> Has anyone audited even half of these?  From the names of them it
> doesn't seem like most should even have to be setuid, let alone setuid-root!
>
> Checking setuid files and devices:
> Setuid additions:
> -r-sr-xr-x 1 root wheel 92637 May 23 12:00:21 2001 /opt/pkg/bin/kbanner.kss
> -r-sr-xr-x 1 root wheel 77226 May 23 12:00:22 2001 /opt/pkg/bin/kblankscrn.kss
> -r-sr-xr-x 1 root wheel 87986 May 23 12:00:27 2001 /opt/pkg/bin/kblob.kss
> -r-sr-xr-x 1 root wheel 91273 May 23 12:00:28 2001 /opt/pkg/bin/kbouboule.kss
> -r-sr-xr-x 1 root wheel 118280 May 23 12:00:31 2001 /opt/pkg/bin/kbsod.kss
> -rwsr-xr-x 1 root wheel 8980 May 23 11:51:34 2001 /opt/pkg/bin/kcheckpass
> -rwxr-sr-x 1 root nogroup 104831 May 23 11:53:39 2001 /opt/pkg/bin/kdesud
> -r-sr-xr-x 1 root wheel 84545 May 23 12:00:25 2001 /opt/pkg/bin/khop.kss
> -r-sr-xr-x 1 root wheel 85906 May 23 12:00:21 2001 /opt/pkg/bin/klines.kss
> -r-sr-xr-x 1 root wheel 86161 May 23 12:00:32 2001 /opt/pkg/bin/klorenz.kss
> -r-sr-xr-x 1 root wheel 107163 May 23 12:00:25 2001 /opt/pkg/bin/kmatrix.kss
> -rwsr-xr-x 1 root wheel 8043 May 23 12:00:07 2001 /opt/pkg/bin/konsole_grantpty
> -r-sr-xr-x 1 root wheel 94737 May 23 12:00:19 2001 /opt/pkg/bin/kpolygon.kss
> -rwsr-xr-x 1 root wheel 552770 May 23 17:11:03 2001 /opt/pkg/bin/kppp
> -r-sr-xr-x 1 root wheel 86248 May 23 12:00:24 2001 /opt/pkg/bin/kpyro.kss
> -r-sr-xr-x 1 root wheel 51443 May 23 12:00:30 2001 /opt/pkg/bin/krandom.kss
> -r-sr-xr-x 1 root wheel 89002 May 23 12:00:23 2001 /opt/pkg/bin/krock.kss
> -r-sr-xr-x 1 root wheel 106939 May 23 12:00:28 2001 /opt/pkg/bin/kscience.kss
> -r-sr-xr-x 1 root wheel 95349 May 23 12:00:29 2001 /opt/pkg/bin/kslidescreen.kss
> -r-sr-xr-x 1 root wheel 108755 May 23 12:00:31 2001 /opt/pkg/bin/kslideshow.kss
> -r-sr-xr-x 1 root wheel 84352 May 23 12:00:20 2001 /opt/pkg/bin/kswarm.kss
> -r-sr-xr-x 1 root wheel 23487 May 23 12:00:41 2001 /opt/pkg/bin/ksysguardd
> -r-sr-xr-x 1 root wheel 108096 May 23 12:00:26 2001 /opt/pkg/bin/kvm.kss
>
> very Very VERY scary!  some are *HUGE*!
>
> what the heck is a .kss anyway?

screensaver.

I guess they need to be setuid root to check the user's password for when
they lock the screen.

It wouldn't surprise me if they were using a wrapper lib around the basic
screen saver module which dropped privs when needed, but yes, it is
worrying...

- -- 
     "The aurochs was the great, black bull that was painted on cave
walls  alongside bison and mammoths  by tacky prehistoric minimalist
artists  who  had no  sense whatsoever of  modeling or perspective."
[see: http://www.aristotle.net/~swarmack/aurochs.html]  [0x2ECA0975]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (NetBSD)
Comment: For info see http://www.gnupg.org

iQEVAwUBOw1W7gCB+Qwuygl1AQFxYwf+ITcMdz8mrLiqr1/NmIPBgdlxZEK9JG5Q
amzhR45bePDS9H+Jc/Smj4GehMELwnOYyfxzJShKlFHiLwgn1crt9cy06ue8WFQa
auDk21rkflk4a7R2KeGJ9RSRkTEN7xO5wlXjQp7CmVSIi6Rbx4r8evnF6qAOczFh
4grqvfXtlMAyZhvxJBNKG11bi3Fe/2pqiGQUp08IFBZQlcaA7RPwHucZO7kwV3iD
OOU18WbPOOHhIjxLjH0xYI3nHB5F2EzugU6xu3NEldznh5MfXAXb4epzT5ZfDr8J
CiSDGnPaHZST7biLSBk3DzKDjAgLzOU2jjn73nIy7i8PiVdhHm1Awg==
=0wTF
-----END PGP SIGNATURE-----
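The reply above speculates that a setuid-root screensaver would have a wrapper that drops privileges once the privileged work is done. The following is an added example, not code from the mailing-list post or from KDE, of what that drop has to look like to be safe: supplementary groups, then gid, then uid, followed by a check that root cannot be regained. The function names and the "return -1 and abort" convention are assumptions of this example.

```c
/*
 * Added example (not from the post or from KDE): permanently dropping
 * setuid-root privileges in the order that actually works.
 *
 * The ordering is the whole point: once the uid is unprivileged the
 * process can no longer change its gid or supplementary groups, so
 * those must be shed first. The final seteuid() probe catches the
 * classic mistake of having dropped only the effective uid while the
 * saved uid still allows regaining root.
 */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to the real uid/gid of the invoking user, permanently.
 * Returns 0 on success, -1 on failure (errno is left set by the call
 * that failed). A caller should treat -1 as fatal and exit, never
 * continue with whatever privileges happen to be left. */
int drop_privileges_permanently(void)
{
    uid_t real_uid = getuid();
    gid_t real_gid = getgid();
    uid_t saved_euid = geteuid();

    /* 1. Supplementary groups first. Only root may call setgroups(),
     *    so skip it when we were not privileged to begin with. */
    if (saved_euid == 0 && setgroups(1, &real_gid) != 0)
        return -1;

    /* 2. gid before uid: after setuid() to a non-root uid the process
     *    is no longer allowed to change its gid. */
    if (setgid(real_gid) != 0)
        return -1;

    /* 3. uid last. setuid() (not seteuid()) on a root process sets the
     *    real, effective and saved uid together, which is what makes
     *    the drop permanent. */
    if (setuid(real_uid) != 0)
        return -1;

    /* 4. Verify the drop is irreversible. If we held a different
     *    effective uid before, trying to get it back must now fail. */
    if (saved_euid != real_uid && seteuid(saved_euid) == 0)
        return -1;          /* still privileged: this is a bug, bail out */

    return 0;
}

/* 1 if real and effective ids agree (no residual setuid/setgid state). */
int privileges_dropped(void)
{
    return getuid() == geteuid() && getgid() == getegid();
}

int main(void)
{
    printf("before: uid=%u euid=%u gid=%u egid=%u\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           (unsigned)getgid(), (unsigned)getegid());

    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }

    printf("after:  uid=%u euid=%u gid=%u egid=%u, dropped=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           (unsigned)getgid(), (unsigned)getegid(),
           privileges_dropped());
    return 0;
}
```

Run as an ordinary user the program is a no-op that still passes its own check; installed setuid root it ends with all three uids equal to the invoking user's. The defensive lesson matching the thread is that the privileged code path (here, nothing; in a screensaver, the password check) should be as small as possible and should precede this call, and everything after it, such as the graphics code, runs unprivileged.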