On Mon, Aug 11, 2003 at 07:16:30PM -0500, Benjamin J. Weiss wrote:
> uestion, but I got to thinking...
>
> On many of the INSTALL and README documents that come with source
> tarballs, they talk about compiling with 'make', then running 'make
> install' as root. I was scanning some security documents the other day,
> and something just hit me: Somewhere in those documents they were
> talking about looking for files that had the suid bit set and that were
> owned by root.
>
> Now, I usually put my source files in /usr/local/src, so that I have one
> place to put them. And I su to root before I do so, because my normal
> account doesn't have access to that folder. Which means that I'm
> compiling my sources as root, then installing them.
>
> Is this a bad security hole? Do I need to somehow set up a 'compile'

Not usually - but it's always good to make sure that no executable
binaries have been suid to root unless you are certain they are supposed
to be. To find suid files use the find command:

    find /<dir> -perm -4000 -print

This will print out a list of all the suid files within/below the
directory <dir>.

> account that has access to that folder, or just create a folder in /var
> or something?
>
> Thanks!
>
> Ben
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list
>

--
Jeff Kinz, Open-PC, Emergent Research, Hudson, MA. [EMAIL PROTECTED]
copyright 2003. Use is restricted. Any use is an acceptance of the offer at
http://www.kinz.org/policy.html.
Don't forget to change your password often.
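
The find check from the reply above, extended into a post-install audit that reports only set-uid files not on a list of expected ones. This is an added example, not part of the original thread; the function name suid_audit and the allowlist file format (one absolute path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# suid_audit DIR ALLOWLIST [OWNER]
#   Prints every regular file under DIR that has the set-uid bit set and is
#   owned by OWNER (default: root) but is not listed in ALLOWLIST.
#   ALLOWLIST is a hypothetical text file: one absolute path per line,
#   lines starting with '#' are ignored.
#   Returns 0 if nothing unexpected was found, 1 if something was,
#   2 on a usage error. Paths containing newlines are not supported.
suid_audit() {
    dir=$1
    allow=$2
    owner=${3:-root}

    if [ ! -d "$dir" ] || [ ! -r "$allow" ]; then
        echo "usage: suid_audit DIR ALLOWLIST [OWNER]" >&2
        return 2
    fi

    # Same -perm -4000 test as the reply, narrowed to regular files owned
    # by $owner; -xdev keeps the walk on a single filesystem.
    unexpected=$(
        find "$dir" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
        while IFS= read -r path; do
            # -x: whole-line match, -F: fixed string (paths are not regexes)
            if ! grep -v '^#' "$allow" | grep -qxF -- "$path"; then
                printf '%s\n' "$path"
            fi
        done
    )

    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}
```

Run it against the install prefix after 'make install', for example: suid_audit /usr/local /etc/suid.allow, where /etc/suid.allow is a placeholder path for the list of set-uid binaries you expect to be there.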