04-03-2012
I repeat: Blindly disabling all setuid programs is silly. You are guaranteed to break important things that way.
I repeat: If you don't know if/why they need setuid, research them individually.
The link you gave even lists programs which you can disable setuid bits for on many versions of OSX -- and the consequences of doing so. Even those were set setuid for a reason, after all...
This User Gave Thanks to Corona688 For This Post:
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello all,
I was wondering if anyone can tell me how to change 24 bits depth display to 8 bits depth display for Sun Ultra1, running Solaris 8? THANKS in advance. I think that the command is ffbconfig, but it has nothing about depth. (4 Replies)
Discussion started by: larry
4 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I have been looking at setuid and setgid.
I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?!
But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere..
Any help... (1 Reply)
Discussion started by: crispy
1 Replies
3. Programming
I have a setuid to root program that has now to be changed to setuid to oracle depending on who is running it. Oracle has only two groups, dba (primary) and osgrp1 (secondary). But running 'id' if oracle shows all the secondary groups belonging to root, and only dba or osgrp1 as the primary group... (2 Replies)
Discussion started by: blowtorch
2 Replies
4. Shell Programming and Scripting
About System and Perl: Sun Solaris 5.9 sparc, Perl 5.6.1
I've decided to use the perl file::find module to look for all the SETUID and SETGID files on my unix boxes. I wrote something like this: (I've shorted it a little to make it simple)
#!/opt/perl/bin/perl
use File::Find;
find... (1 Reply)
Discussion started by: x96riley3
1 Replies
5. Solaris
hi..
why we go for setuid, setgid permissions?
as a system admin ,when we use this ,except default solaris setuid,setgid files and dirs..
hopes that anyone can help me regarding this.. (1 Reply)
Discussion started by: saravananpalani
1 Replies
6. What is on Your Mind?
Ten movies have been nominated as best motion picture by the International Press Academy, presentation of the 2012 Satellite Awards will be held on 16th December at Los Angeles, CA.
Place your bits here on one of the below nominated movie of your choice:-
Argo
... (0 Replies)
Discussion started by: Yoda
0 Replies
7. Solaris
I have a user AAA who's who is part of a group call clserv and techsupp, His userfiles have the following permissions:-
drwxrwx--- 16 AAA clserv 1858 Aug 22 12:48 UserFiles
he has a link in his UserFiles/
lrwxrwxrwx 1 root root 36 Mar 9 2013 TECHSUPP_GLOBAL... (5 Replies)
Discussion started by: kilobyter
5 Replies
8. Shell Programming and Scripting
so im writing a script for a android system. these types of systems are not the typical unix systems.
what i need to do is basic. i have a script which I put in a directory and then zipped up the directory in a zip file. that way, when the script is unzipped, the person unzipping will see... (1 Reply)
Discussion started by: SkySmart
1 Replies
9. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
LEARN ABOUT OSX
issetugid
ISSETUGID(2) BSD System Calls Manual ISSETUGID(2)
NAME
issetugid -- is current process tainted by uid or gid changes
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
issetugid(void);
DESCRIPTION
The issetugid() system call returns 1 if the process environment or memory address space is considered ``tainted'', and returns 0 otherwise.
A process is tainted if it was created as a result of an execve(2) system call which had either of the setuid or setgid bits set (and extra
privileges were given as a result) or if it has changed any of its real, effective or saved user or group ID's since it began execution.
This system call exists so that library routines (eg: libc, libtermcap) can reliably determine if it is safe to use information that was
obtained from the user, in particular the results from getenv(3) should be viewed with suspicion if it is used to control operation.
A ``tainted'' status is inherited by child processes as a result of the fork(2) system call (or other library code that calls fork, such as
popen(3)).
It is assumed that a program that clears all privileges as it prepares to execute another will also reset the environment, hence the
``tainted'' status will not be passed on. This is important for programs such as su(1) which begin setuid but need to be able to create an
untainted process.
ERRORS
The issetugid() system call is always successful, and no return value is reserved to indicate an error.
SEE ALSO
execve(2), fork(2), setegid(2), seteuid(2), setgid(2), setregid(2), setreuid(2), setuid(2)
HISTORY
The issetugid() system call first appeared in OpenBSD 2.0 and was also implemented in FreeBSD 3.0.
BSD
August 25, 1996 BSD