Suid programs, getting to the root of the problem

There are always some little touches left to make your linux even a bit more secure, involving suid, nouser, sudo and etc. Now, this article is newbie friendly, but it also requires some small amount of knowledge. Fear not, for I shall explain everything as painfully as I can. So sit back, grab yourself your favorite drink, some peanuts and relax. 3,2,1…

Let’s discuss suid. Yes, the suid, wich stands for ‘Set-user-ID’ root programs. As you can guess these programs run as root regardless of who is executing them. The reason suid programs are so dangerous is that interaction with the untrusted user begins before the program is even started. There are many other ways to confuse the program, using things like environment variables, signals, or anything you want. Exactly this ‘confusion’ of a program is a cause of frequent buffer overflows. More than 50 % of all major security bugs leading to releases of security advisors are accounted to suid programs. And some distributions are shipped with hundreds of these suid programs, most of which you’ll probably never use. Of course there are few wich are neccessary, in order that normal user might perform operations wich are normally done by root. Now let’s get to the root of the problem…

How can you find out about the suid programs on your system: the thing to do is to get a list of all suid programs on your system and start the boring task of going through them. Unfortunately, I can’t tell you here wich you need, might need or don’t need. But, again, fear not for logic is your best friend here. Just browse through the list of all suid programs, and find those that you use, sometimes or frequently or never use. But, I must warn you, the list could be looooong. Ok, here we go, type the following line(of course as root):

find / -type f -perm +6000 -ls

And the output, after a while, it depends on the amount of suid programs on your system will resemble something like this.

Now, let’s pretend that you want to remove the suid permission on /bin/ping, as you don’t plan on using it:

chmod -s /bin/ping

That’s it! Feel free to browse through man pages of chmod to find out more if you want (thats ‘man chmod’). Now the most annying fact is that you’ll have to do it for ALL suid programs that you don’t plan on using.

The other issue are files wich don’t belong to anyone, or don’t belong to a group. These are also dangerous, as they provide more ways to manipulate with your system. Also, an unowned file may be a signal indicating an intruder on your system. Let’s find them:

find / -nouser -o -nogroup

Nothing? Heh, that’s exactly what we expect! And if you find any, feel free to change the ownership of the file to any user you want, or to delete it. If you want to change the ownership you might want to check out the command ‘chown’, of course by typing ‘man’chown’.

Now, the last but especially not the least important, the sudo. By configuring sudo you can enable normal users (any user other than root) to perform certain action usually reserved for root. Did you ever want to shutdown your PC as a normal, average user (this is for example purposes only, as I don’t recommend it for security reasons) or perform any other action? Well thats exactly why I recommend configuring sudo. The file /etc/sudoers contains all that information. Now, as describing sudo and sudoers could eat up more than an article I’m not going to describe and talk more about it, I’ll leave that to you, remember, man pages are your friend, so ‘man sudo’ ‘man sudoers’ and in one afternoon you’ll fix it perfectly. Problems? Don’t have sudo? Just go here and download it. Keep exploring!

Don't miss