Subject: misc/143: Setuid programs installed unreadable
To: None <gnats-admin>
From: Arne Juul <arnej@dsl.unit.no>
List: netbsd-bugs
Date: 02/28/1994 15:20:02
>Number: 143
>Category: misc
>Synopsis: Several setuid programs installed unreadable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: gnats-admin (Misc Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon Feb 28 15:20:01 1994
>Originator: Arne Juul
>Organization:
University of Trondheim, Norway
>Release: 0.9-current
>Environment:
Standalone machine with sources sup'ed Sunday
System: NetBSD skarven.dsl.unit.no 0.9a SKARVEN#0 i386
>Description:
Several setuid programs, like crontab, are installed without
read permission. This is (in my eyes) a hopeless security-
through-obscurity measure with no positive effects, and
hinders me from strings'ing or ftp'ing these binaries as
a normal user. (If there is some actual reason why these
programs aren't readable, please tell me :-)
>How-To-Repeat:
ls -l /usr/bin/tip /usr/bin/crontab /sbin/disklabel /sbin/init /sbin/shutdown
>Fix:
Apply patch below:
*** usr.bin/tip/Makefile.orig Fri Dec 17 08:18:31 1993
--- usr.bin/tip/Makefile Sun Feb 27 11:11:11 1994
***************
*** 35,41 ****
.PATH: ${.CURDIR}/aculib
BINOWN= uucp
BINGRP= dialer
! BINMODE=4510
# LINKS= ${BINDIR}/tip ${BINDIR}/cu
# MLINKS= tip.1 cu.1
SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c remcap.c \
--- 35,41 ----
.PATH: ${.CURDIR}/aculib
BINOWN= uucp
BINGRP= dialer
! BINMODE=4554
# LINKS= ${BINDIR}/tip ${BINDIR}/cu
# MLINKS= tip.1 cu.1
SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c remcap.c \
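Review bot: the new BINMODE=4554 line carries no comment explaining why other gains read but still has no execute bit, and next to the 4555 used for crontab in this same patch it is easy to mistake for a typo. A one-line comment above BINMODE saying that execution stays limited to owner uucp and group dialer, as it was under 4510, and that only read access is being opened up, would keep someone from later "correcting" it to 4555 and widening who can run the setuid binary.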
*** usr.bin/crontab/Makefile.orig Thu Feb 10 12:18:54 1994
--- usr.bin/crontab/Makefile Sun Feb 27 11:09:58 1994
***************
*** 4,10 ****
SRCS= crontab.c misc.c entry.c env.c
CFLAGS+=-I${.CURDIR} -I${.CURDIR}/../../usr.sbin/cron -DDEBUGGING=1
BINOWN =root
! BINMODE=4111
MAN1=
MAN5=
CLEANFILES=crontab.1.0 crontab.5.0
--- 4,10 ----
SRCS= crontab.c misc.c entry.c env.c
CFLAGS+=-I${.CURDIR} -I${.CURDIR}/../../usr.sbin/cron -DDEBUGGING=1
BINOWN =root
! BINMODE=4555
MAN1=
MAN5=
CLEANFILES=crontab.1.0 crontab.5.0
*** sbin/disklabel/Makefile.orig Sun Feb 13 11:11:31 1994
--- sbin/disklabel/Makefile Sun Feb 27 11:14:52 1994
***************
*** 5,11 ****
SRCS= disklabel.c dkcksum.c
MAN8= disklabel.0
BINGRP=operator
! BINMODE=2550
CLEANFILES=disklabel.5.0
.if (${MACHINE} == "amiga")
CFLAGS+=-D${MACHINE}
--- 5,11 ----
SRCS= disklabel.c dkcksum.c
MAN8= disklabel.0
BINGRP=operator
! BINMODE=2554
CLEANFILES=disklabel.5.0
.if (${MACHINE} == "amiga")
CFLAGS+=-D${MACHINE}
*** sbin/init/Makefile.orig Fri Dec 17 07:35:45 1993
--- sbin/init/Makefile Sun Feb 27 11:15:44 1994
***************
*** 8,13 ****
CFLAGS+=-DSECURE -DNOSYSCTL
DPADD= ${LIBUTIL} ${LIBCRYPT}
LDADD= -lutil -lcrypt
! BINMODE=500
.include <bsd.prog.mk>
--- 8,13 ----
CFLAGS+=-DSECURE -DNOSYSCTL
DPADD= ${LIBUTIL} ${LIBCRYPT}
LDADD= -lutil -lcrypt
! BINMODE=544
.include <bsd.prog.mk>
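Review bot: the old BINMODE=500 has no setuid or setgid bit, so init is outside what the synopsis ("Several setuid programs installed unreadable") covers, and the change to 544 deserves its own sentence of justification in the description rather than riding along with the setuid fixes. If the intent is simply that group and other may read the binary while only the owner may execute it, a short comment next to BINMODE stating that would make the mode self-explanatory.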
*** sbin/shutdown/Makefile.orig Fri Dec 17 07:37:03 1993
--- sbin/shutdown/Makefile Sun Feb 27 11:17:06 1994
***************
*** 5,10 ****
MAN8= shutdown.0
BINOWN= root
BINGRP= operator
! BINMODE=4550
.include <bsd.prog.mk>
--- 5,10 ----
MAN8= shutdown.0
BINOWN= root
BINGRP= operator
! BINMODE=4554
.include <bsd.prog.mk>
>Audit-Trail:
>Unformatted: