<snip> > > and something just hit me: Somewhere in those documents they were > > talking about looking for files that had the suid bit set and that were > > owned by root. > > > > Now, I usually put my source files in /usr/local/src, so that I have one > > place to put them. And I su to root before I do so, because my normal > > account doesn't have access to that folder. Which means that I'm > > compiling my sources as root, then installing them. > > > > Is this a bad security hole? Do I need to somehow set up a 'compile' > > Not usually - but its always good to make sure that no executable > binaries have been suid to root unless you are certain they are supposed > to be. > > > to find suid files use the find command: > > find /<dir> -perm -4000 -print
Okay, thanks! Next question: I ran that find command from the root directory, and found thirty executables with that suid bit set. Some I can tell need it (sudo, suexec), some I think I can just delete (rlogin, rsh, rcp), but there are some that I don't know why they have suid (userisdnctl, etc). Is there a place that has a recognized list of files that *should* be suid? Or do I need to check each man page for each file that has that bit set? Thanks again! I am learning the security side of this, but every time I think I have a handle on things, I find out that there's a *lot* more to learn! :) Ben -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
