Too much SUID/SGID files!

whoami toask Mon, 05 Jan 2015 23:29:37 -0800

Hello, 

isn't there too much SUID/SGID files on a default OpenBSD install?


Can this number be reduced?

Example: why does wall, write, modstat need an SGID?

# uname -a
OpenBSD notebook.lan 5.6 GENERIC.MP#333 amd64 
# find / -perm -4000 -o -perm -2000 -ls -print
 78047 5856 -rwxr-sr-x    1 root     auth      2970920 Aug  6 21:45 
/usr/X11R6/bin/xlock/usr/X11R6/bin/xlock
 78068 1216 -rwxr-sr-x    1 root     utmp       592056 Aug  6 22:09 
/usr/X11R6/bin/xterm/usr/X11R6/bin/xterm
1147497   60 -r-xr-sr-x    1 root     kmem        30200 Jul 31 11:50 
/usr/local/bin/libgtop_server2/usr/local/bin/libgtop_server2
 78031   32 -r-xr-sr-x    1 root     utmp        15864 Jul 31 09:57 
/usr/local/libexec/gnome-pty-helper/usr/local/libexec/gnome-pty-helper
155910   84 -r-xr-sr-x    4 root     crontab     41752 Aug  8 08:06 
/usr/bin/at/usr/bin/at
155910   84 -r-xr-sr-x    4 root     crontab     41752 Aug  8 08:06 
/usr/bin/atq/usr/bin/atq
155910   84 -r-xr-sr-x    4 root     crontab     41752 Aug  8 08:06 
/usr/bin/atrm/usr/bin/atrm
155910   84 -r-xr-sr-x    4 root     crontab     41752 Aug  8 08:06 
/usr/bin/batch/usr/bin/batch
155943   72 -r-xr-sr-x    1 root     crontab     36504 Aug  8 08:06 
/usr/bin/crontab/usr/bin/crontab
156014   24 -r-xr-sr-x    1 root     auth        11672 Aug  8 08:06 
/usr/bin/lock/usr/bin/lock
156019   60 -r-xr-sr-x    1 root     daemon      28952 Aug  8 08:06 
/usr/bin/lpq/usr/bin/lpq
156033   20 -r-xr-sr-x    1 root     _lkm         8952 Aug  8 08:06 
/usr/bin/modstat/usr/bin/modstat
156035  292 -r-xr-sr-x    1 root     kmem       148216 Aug  8 08:06 
/usr/bin/netstat/usr/bin/netstat
156093   24 -r-xr-sr-x    1 root     auth        11544 Aug  8 08:06 
/usr/bin/skeyaudit/usr/bin/skeyaudit
156094   16 -r-xr-sr-x    1 root     auth         8184 Aug  8 08:06 
/usr/bin/skeyinfo/usr/bin/skeyinfo
156095   44 -r-xr-sr-x    1 root     auth        20632 Aug  8 08:06 
/usr/bin/skeyinit/usr/bin/skeyinit
156105  704 -r-xr-sr-x    1 root     _sshagnt   333656 Aug  8 08:07 
/usr/bin/ssh-agent/usr/bin/ssh-agent
156112  284 -r-xr-sr-x    1 root     kmem       144568 Aug  8 08:06 
/usr/bin/systat/usr/bin/systat
156146   32 -r-xr-sr-x    1 root     tty         15928 Aug  8 08:06 
/usr/bin/wall/usr/bin/wall
156152   28 -r-xr-sr-x    1 root     tty         13080 Aug  8 08:06 
/usr/bin/write/usr/bin/write
103939   40 -r-xr-sr-x    4 root     _token      20344 Aug  8 08:06 
/usr/libexec/auth/login_activ/usr/libexec/auth/login_activ
103939   40 -r-xr-sr-x    4 root     _token      20344 Aug  8 08:06 
/usr/libexec/auth/login_crypto/usr/libexec/auth/login_crypto
103943   40 -r-xr-sr-x    1 root     _radius     19928 Aug  8 08:06 
/usr/libexec/auth/login_radius/usr/libexec/auth/login_radius
103945   24 -r-xr-sr-x    1 root     auth        11608 Aug  8 08:06 
/usr/libexec/auth/login_skey/usr/libexec/auth/login_skey
103939   40 -r-xr-sr-x    4 root     _token      20344 Aug  8 08:06 
/usr/libexec/auth/login_snk/usr/libexec/auth/login_snk
103939   40 -r-xr-sr-x    4 root     _token      20344 Aug  8 08:06 
/usr/libexec/auth/login_token/usr/libexec/auth/login_token
103947   40 -r-xr-sr-x    1 root     auth        20408 Aug  8 08:06 
/usr/libexec/auth/login_yubikey/usr/libexec/auth/login_yubikey
103987 1568 -r-xr-sr-x    1 root     smmsp      783576 Aug  8 08:08 
/usr/libexec/sendmail/sendmail/usr/libexec/sendmail/sendmail
 52023   80 -r-xr-sr-x    1 root     daemon      39736 Aug  8 08:06 
/usr/sbin/lpc/usr/sbin/lpc
 52024  160 -r-xr-s---    1 root     daemon      80952 Aug  8 08:06 
/usr/sbin/lpd/usr/sbin/lpd
 52073   52 -r-xr-sr-x    1 root     kmem        24664 Aug  8 08:06 
/usr/sbin/pstat/usr/sbin/pstat
519680    4 drwxrws---    2 root     wheel         512 Aug  8 08:05 
/var/audit/var/audit
# find / -perm -4000 -o -perm -2000 -ls -print | wc -l
32

Thanks, 

have a secure day!

Too much SUID/SGID files!

Reply via email to