Gentoo Forums
Which one of file should not have suid set
txykumat
Tux's lil' helper


Joined: 24 Nov 2014
Posts: 104

Posted: Mon May 15, 2017 4:45 pm    Post subject: Which one of file should not have suid set

and hence I should issue
Code:
chmod -s

on it? Here is the list
Code:
-rws--x--- 1 video 29424 Apr 27 01:38 /opt/bin/nvidia-modprobe
-r-s--x--x 1 root 14768 Apr 18 02:20 /opt/VirtualBox/VBoxNetAdpCtl
-r-s--x--x 1 root 150096 Apr 18 02:20 /opt/VirtualBox/VBoxHeadless
-r-s--x--x 1 root 10544 Apr 18 02:20 /opt/VirtualBox/VBoxVolInfo
-r-s--x--x 1 root 154192 Apr 18 02:20 /opt/VirtualBox/VirtualBox
-r-s--x--x 1 root 150088 Apr 18 02:20 /opt/VirtualBox/VBoxSDL
-r-s--x--x 1 root 150096 Apr 18 02:20 /opt/VirtualBox/VBoxNetNAT
-r-s--x--x 1 root 150096 Apr 18 02:20 /opt/VirtualBox/VBoxNetDHCP
-rws--x--- 1 messagebus 56624 May  3 09:35 /usr/libexec/dbus-daemon-launch-helper
-rwxr-s--x 1 utmp 14816 Apr 26 17:48 /usr/libexec/gnome-pty-helper
-rws--x--x 1 root 11019 May 10 01:06 /usr/lib64/kde4/libexec/fileshareset
-rws--x--x 1 root 11019 Dec 10 07:32 /usr/lib64/libexec/kf5/fileshareset
-rwxr-s--x 1 nogroup 60496 Apr 26 21:20 /usr/lib64/libexec/kf5/kdesud
-rws--x--x 1 root 14648 Apr 26 19:08 /usr/lib64/polkit-1/polkit-agent-helper-1
-rwxr-s--x 1 utmp 10024 Apr 26 17:23 /usr/lib64/misc/utempter/utempter
-rws--x--x 1 root 18184 May 14 13:12 /usr/lib64/chromium-browser/chrome-sandbox
-rws--x--x 1 mail 56576 May 15 09:24 /usr/sbin/maidag
-rws--x--x 1 nullmail 22768 Apr 26 21:09 /usr/sbin/nullmailer-queue
-r-s--x--x 1 root 335088 Apr 19 18:23 /usr/sbin/pppd
-rws--x--x 1 root 41256 Apr 26 22:00 /usr/bin/chsh
-rws--x--x 1 root 23160 Apr 26 19:08 /usr/bin/pkexec
-rwsr-s--x 1 man 104480 Apr 26 21:17 /usr/bin/man
-rws--x--x 1 root 121976 May 10 16:55 /usr/bin/sudo
-rwxr-s--x 1 crontab 44400 Apr 26 17:46 /usr/bin/crontab
-rwsr-s--x 1 man 122720 Apr 26 21:17 /usr/bin/mandb
-rwxr-s--x 1 mail 11272 May 15 09:24 /usr/bin/dotlock
-rws--x--x 1 nullmail 18640 Apr 26 21:09 /usr/bin/mailq
-rws--x--x 1 root 2205544 Apr 28 17:22 /usr/bin/Xorg
-rws--x--x 1 root 31232 Apr 26 17:43 /usr/bin/fusermount
-rws--x--x 1 root 36896 Apr 26 22:00 /usr/bin/newgrp
-rws--x--x 1 root 46824 Apr 26 22:00 /usr/bin/chfn
-rws--x--x 1 root 60448 Apr 26 22:00 /usr/bin/chage
-rwxr-s--x 1 mail 14664 May 15 09:22 /usr/bin/dotlockfile
-rws--x--x 1 root 68584 Apr 26 22:00 /usr/bin/gpasswd
-rws--x--x 1 root 23312 Apr 26 22:00 /usr/bin/expiry
-rws--x--x 1 root 31176 Apr 26 21:59 /sbin/unix_chkpwd
-rws--x--x 1 root 27392 Apr 29 18:30 /bin/umount
-rws--x--x 1 root 37344 Apr 26 22:00 /bin/su
-rws--x--x 1 root 39936 Apr 29 18:30 /bin/mount
-rws--x--x 1 root 52384 Apr 26 22:00 /bin/passwd


Thank you!
khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Mon May 15, 2017 9:11 pm

txykumat ... that depends, ie, should user be able to use ping{,6}, etc. You should probably look to FEATURES="suidctl" (see: 'man make.conf'), and so can set these via /etc/portage/suidctl.conf. In my case I have the following (basically only 'su', 'postdrop', and 'postqueue' are suid) ...

/etc/portage/suidctl.conf:
## -rws--x--x 1 root root 14K 2013-09-08 17:41 /usr/sbin/traceroute6
#/usr/sbin/traceroute6
## -rws--x--x 1 root root 43K 2013-09-08 17:41 /bin/ping6
#/bin/ping6
## -rws--x--x 1 root root 38K 2013-09-08 17:41 /bin/ping
#/bin/ping
## -rws--x--x 1 root root 57K 2013-09-08 17:45 /usr/bin/gpasswd
#/usr/bin/gpasswd
## -rws--x--x 1 root root 18K 2013-09-08 17:45 /usr/bin/expiry
#/usr/bin/expiry
## -rws--x--x 1 root root 35K 2013-09-08 17:45 /usr/bin/chsh
#/usr/bin/chsh
## -rws--x--x 1 root root 49K 2013-09-08 17:45 /usr/bin/chage
#/usr/bin/chage
## -rws--x--x 1 root root 40K 2013-09-08 17:45 /usr/bin/chfn
#/usr/bin/chfn
## -rws--x--x 1 root root 27K 2013-09-08 17:45 /usr/bin/newgrp
#/usr/bin/newgrp
## -rws--x--x 1 root root 41K 2013-09-08 17:45 /bin/passwd
#/bin/passwd
## -rws--x--x 1 root root 31K 2013-09-08 17:45 /bin/su
/bin/su
## -rws--x--x 1 root root 244K 2013-09-08 17:55 /usr/lib/misc/ssh-keysign
#/usr/lib/misc/ssh-keysign
## -rws--x--x 1 root root 30K 2013-09-08 19:14 /sbin/unix_chkpwd
#/sbin/unix_chkpwd
## -rws--x--x 1 root root 26K 2013-09-08 19:23 /usr/bin/fusermount
#/usr/bin/fusermount
## -rws--x--x 1 root root 30K 2013-09-08 19:47 /usr/sbin/vlock-main
#/usr/sbin/vlock-main
## -rws--x--x 1 root root 9.3K 2013-09-09 17:15 /usr/lib/misc/glibc/pt_chown
#/usr/lib/misc/glibc/pt_chown
## -rwsrws--x 1 fcron fcron 35K 2013-12-01 15:44 /usr/bin/fcrondyn
#/usr/bin/fcrondyn
## -rwsrws--x 1 fcron fcron 66K 2013-12-01 15:44 /usr/bin/fcrontab
#/usr/bin/fcrontab
## -rws--x--- 1 root fcron 22K 2013-12-01 15:44 /usr/libexec/fcronsighup
#/usr/libexec/fcronsighup
## -rwx--s--x 1 root postdrop 179K 2013-12-25 12:54 /usr/sbin/postdrop
/usr/sbin/postdrop
## -rwx--s--x 1 root postdrop 195K 2013-12-25 12:54 /usr/sbin/postqueue
/usr/sbin/postqueue
## -rws--x--x 1 root root 199K 2014-02-27 19:18 /usr/bin/cdda2wav
#/usr/bin/cdda2wav
## -rws--x--x 1 root root 114K 2014-02-27 19:18 /usr/bin/readcd
#/usr/bin/readcd
## -rws--x--x 1 root root 346K 2014-02-27 19:18 /usr/bin/cdrecord
#/usr/bin/cdrecord
## -rws--x--x 1 root root 18K 2014-02-27 19:18 /usr/sbin/rscsi
#/usr/sbin/rscsi
## -rwx--s--x 1 root root 5.4K 2014-03-08 01:45 /usr/bin/cleanutmp
#/usr/bin/cleanutmp
## -rwxr-s--x 1 root mail 38K 2014-03-16 12:18 /usr/bin/mutt_dotlock
#/usr/bin/mutt_dotlock
## -rwx--s--x 1 root locate 34K 2014-05-06 01:37 /usr/bin/locate
#/usr/bin/locate
## -rws--x--x 1 root root 68K 2015-02-02 14:09 /usr/sbin/mtr
#/usr/sbin/mtr
## -rws--x--x 1 root root 5.3K 2015-02-19 12:26 /usr/libexec/xf86-video-intel-backlight-helper
#/usr/libexec/xf86-video-intel-backlight-helper
## -r-s--x--x 1 root root 9.4K 2015-06-22 15:02 /usr/libexec/lockspool
#/usr/libexec/lockspool
## -rwxr-s--x 1 root utmp 5.2K 2016-02-21 08:26 /usr/lib/misc/utempter/utempter
#/usr/lib/misc/utempter/utempter
## -rws--x--x 1 root root 32K 2017-01-03 10:53 /usr/bin/newuidmap
#/usr/bin/newuidmap
## -rws--x--x 1 root root 32K 2017-01-03 10:53 /usr/bin/newgidmap
#/usr/bin/newgidmap
## -rws--x--x 1 root root 2.4M 2017-02-20 18:40 /usr/bin/Xorg
#/usr/bin/Xorg
## -rwsr-s--x 1 man man 123K 2017-03-04 23:06 /usr/bin/mandb
#/usr/bin/mandb
## -rws--x--x 1 root root 192K 2017-04-26 13:59 /usr/bin/atop
#/usr/bin/atop

YMMV ...

best ... khay
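
A read-only audit in the spirit of the reply above, as an added example that is not part of the original thread and is not Portage's own code: it lists set-id files under a root and marks each one KEEP or STRIP according to a suidctl.conf-style allowlist, without changing any mode bits. The function names, the KEEP/STRIP labels and the temporary fixture are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Portage code): compare set-id files on disk with a
# suidctl.conf-style allowlist. Format as in the post: one absolute path per
# line; a line starting with '#' is ignored, so "#/bin/passwd" is not allowed.

# Print the paths the allowlist keeps set-id (uncommented, non-empty lines).
suidctl_allowed() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}

# suid_audit CONF [ROOT]
# Find regular files under ROOT with the setuid or setgid bit and print
# "KEEP <path>" or "STRIP <path>", with <path> taken relative to ROOT.
suid_audit() {
    conf=$1
    root=${2:-/}; [ "$root" = / ] || root=${root%/}
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort |
    while IFS= read -r f; do
        p=${f#"${root%/}"}
        # Whole-line, fixed-string match: "/bin/su" must not match "/bin/sudo".
        if suidctl_allowed "$conf" | grep -qxF -- "$p"; then
            echo "KEEP $p"
        else
            echo "STRIP $p"
        fi
    done
}

# Constructed fixture: a throwaway tree with two setuid files and an
# allowlist that keeps only /bin/su, as in the configuration quoted above.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/bin" "$d/root/usr/bin"
    : > "$d/root/bin/su"; : > "$d/root/bin/passwd"; : > "$d/root/usr/bin/less"
    chmod 4711 "$d/root/bin/su" "$d/root/bin/passwd"
    chmod 0755 "$d/root/usr/bin/less"
    printf '%s\n' '## -rws--x--x 1 root root 41K /bin/passwd' '#/bin/passwd' \
                  '## -rws--x--x 1 root root 31K /bin/su' '/bin/su' \
                  > "$d/suidctl.conf"
    suid_audit "$d/suidctl.conf" "$d/root"
    rm -rf "$d"
}

demo
```

On a live system the call would be `suid_audit /etc/portage/suidctl.conf /`; every STRIP line is a file to review before it is either added to the allowlist or has its bit removed.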