Subject: Re: NetBSD 1.5.2 default configuration
To: Wojciech Bojdol <wojboj@htcon.pl>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-security
Date: 02/03/2002 14:12:31
On Sun, Feb 03, 2002 at 10:57:16AM +0100, Wojciech Bojdol wrote:
> 
> On Sat, Feb 02, 2002 at 07:01:08PM +0100, Manuel Bouyer wrote:
> > As it runs with no port open, it's not that much of a problem.
> 
> But it could be when we open ports like ssh.

Sorry, I don't understand. ssh isn't started from inetd.

> 
> > > For example:
> > > 
> > > /bin/df is sgid operator - yet appears to operate fine without this.
> > 
> > This is so that you can run df on an unmounted filesystem
> 
> But only administrator or operator should do that.

Why ?

> I think it's better to make special group for that and (as it would be run
> manually) make one df without suid and another with suid.
> The second one will have perms r-sr-x---, and will be in group operator.
> 
> > > /sbin/{r,}dump{,_lfs} are sgid tty - this again (to me) doesn't seem
> > > necessary.
> > This is for 'dump -n' to work.
> 
> Dump is another program that should be used only by people in group
> operator.

Again, why ?
And this is not possible as dump has to be sgid ttys

> 
> > > /usr/sbin/pppd,
> > 
> > You don't have to be root to run pppd.
> 
> But you can be in group ppp if you have to.
> 
> I know that we can have fully-functional system or secure system and I'm
> working on a small script, that could make NetBSD more secure,
> but will take some of functionality.
> When you want to have secure system - You have only to run that script and
> perms for many files will be changed.
> First version of that script can be found at
> http://www.htcon.pl/~wojboj/securesystem

You don't secure a system by removing suid bits, but by removing binaries that
you don't need, and checking permissions on the ones that you left.
This can't be done in a generic way, it depends on the application.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
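As an added example (not code from the thread, nor from NetBSD or the script at the URL above), a POSIX sh script that inventories the setuid/setgid files in a tree and diffs them against a baseline of the ones you chose to keep, i.e. the "check permissions on the ones that you left" step. The demo tree with df, dump, rdump and pppd is constructed for the example; the group operator is not set on it because that needs privileges, so files keep the caller's group.

```shell
#!/bin/sh
# Inventory setuid/setgid files and compare them with a recorded baseline.
# Only POSIX find/ls/awk/sort/diff are used, so it runs on NetBSD and Linux.

# Print "mode owner group path" for every setuid or setgid regular file.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        ls -ld "$f" | awk -v p="$f" '{ print $1, $3, $4, p }'
    done | sort
}

# Compare the live inventory with a baseline file written by list_setid.
# "+ ..." marks a setid file not in the baseline (new file, or changed
# mode/owner/group: investigate); "- ..." marks a baseline entry that no
# longer matches (fine if you removed the bit or the binary on purpose).
# Returns 0 when the tree matches the baseline, 1 otherwise.
check_setid() {
    live=$(mktemp)
    list_setid "$1" > "$live"
    delta=$(sort "$2" | diff - "$live" | sed -n 's/^< /- /p; s/^> /+ /p')
    rm -f "$live"
    [ -z "$delta" ] && return 0
    printf '%s\n' "$delta"
    return 1
}

# Constructed demo tree standing in for a real root: the binaries named in
# the thread, carrying the bits discussed there (no group operator: that
# would need privileges, so files keep the caller's group).
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/sbin" "$d/usr/sbin"
    for p in bin/df bin/ls sbin/dump sbin/rdump usr/sbin/pppd; do
        : > "$d/$p" && chmod 555 "$d/$p"
    done
    chmod g+s "$d/bin/df" "$d/sbin/dump" "$d/sbin/rdump"   # sgid in the thread
    chmod u+s "$d/usr/sbin/pppd"                           # suid in the thread
    printf '%s\n' "$d"
}

root=$(demo_tree)
list_setid "$root" > "$root/baseline"      # record what you decided to keep
chmod u+s "$root/bin/ls"                   # an unexpected new suid binary
if check_setid "$root" "$root/baseline"; then
    echo "setid inventory matches baseline"
fi                                         # otherwise bin/ls is reported with "+"
rm -rf "$root"
```

Run the baseline step once after pruning the binaries you do not need, then re-run check_setid from cron or after each upgrade; a "+" line is a setid binary nobody decided on.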