suid and and sgid files should only be needed when that application needs to access resources only required by root. For example, the login binary needs to read /etc/passwd etc.. and other network tools that need to bind ports or even contruct packets. If the application needs root, but you dont trust everybody, make groups, and group executables to that application, so anyone else cant execute it full stop. Though, race conditions in teh kernel for instance will take advantage of EVERY suid that NEED the suid bit. such as passwd and login etc.. The only problem is the whole bad coding concept, thats whjat it boils down to, suids and sgids are fine. hope you go well. ------------------------------------------------------------ Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com AntiOnline - The Internet's Information Security Super Center! ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
