Let's discuss suid, which stands for 'Set-user-ID', and specifically suid root programs. As you can guess, these programs run as root regardless of who is executing them. The reason suid programs are so dangerous is that interaction with the untrusted user begins before the program is even started. There are many ways to confuse the program, using things like environment variables, signals, or anything else you want. Exactly this 'confusion' of a program is a cause of frequent buffer overflows. More than 50% of all major security bugs leading to the release of security advisories are attributed to suid programs. And some distributions are shipped with hundreds of these suid programs, most of which you'll probably never use. Of course, a few of them are necessary so that a normal user can perform operations which are normally done by root. Now let's get to the root of the problem...
How can you find out about the suid programs on your system? The thing to do is to get a list of all suid programs on your system and start the boring task of going through them. Unfortunately, I can't tell you here which ones you need, might need or don't need. But, again, fear not, for logic is your best friend here. Just browse through the list of all suid programs and sort them into those you use frequently, sometimes, or never. But, I must warn you, the list could be looooong. OK, here we go. Type the following line (as root, of course):
find / -type f -perm /6000 -ls
The output appears after a while, depending on the number of suid programs on your system, and will resemble something like this.
Now, let's pretend that you want to remove the suid permission on /bin/ping, as you don't plan on using it:
chmod -s /bin/ping
That's it! Feel free to browse through the man page of chmod to find out more if you want (that's 'man chmod'). Now, the most annoying fact is that you'll have to do it for ALL suid programs that you don't plan on using.
The other issue is files which don't belong to any user, or don't belong to any group. These are also dangerous, as they provide more ways to manipulate your system. Also, an unowned file may be a signal indicating an intruder on your system. Let's find them:
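The review and cleanup described above can be made repeatable by keeping a list of the set-ID programs you decided to keep and reporting everything else. The script below is an added example, not part of the original article; the function names and the allowlist file (one absolute path per line) are assumptions.

```shell
#!/bin/sh
# Added example: audit set-uid/set-gid files against a list of programs you chose to keep.
# Assumed allowlist format: one absolute path per line. Paths containing newlines
# are not handled.

# list_suid ROOT: print regular files under ROOT with the setuid or setgid bit set.
list_suid() {
    # -perm -4000 / -perm -2000 are the portable spellings of the set-ID test.
    # -xdev stays on one filesystem, so run it once per mounted filesystem.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# unexpected_suid ROOT ALLOWLIST: print set-ID files that are not on the allowlist.
unexpected_suid() {
    _sorted=$(mktemp) || return 1
    LC_ALL=C sort -u "$2" > "$_sorted"
    # comm -23 keeps lines that appear only in the first input (the live system).
    list_suid "$1" | LC_ALL=C comm -23 - "$_sorted"
    rm -f "$_sorted"
}

# strip_suid: read paths on stdin and clear both set-ID bits, as 'chmod -s' does.
strip_suid() {
    while IFS= read -r _f; do
        # Skip anything that vanished or is a symlink; chmod would follow the link.
        [ -f "$_f" ] && [ ! -L "$_f" ] || continue
        chmod ug-s "$_f" && printf 'cleared: %s\n' "$_f"
    done
}

# Typical use, as root (the allowlist path is an assumption):
#   list_suid / > /root/suid-keep.txt      # then delete the lines you do not need
#   unexpected_suid / /root/suid-keep.txt  # review what would lose its bits
#   unexpected_suid / /root/suid-keep.txt | strip_suid
```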
find / -nouser -o -nogroup
Nothing? Heh, that's exactly what we expect! And if you find any, feel free to change the ownership of the file to any user you want, or to delete it. If you want to change the ownership, you might want to check out the command 'chown', of course by typing 'man chown'.