
Suid security audit

Comments

  • Registered Users, Registered Users 2 Posts: 568 ✭✭✭phil


    Apologies for being late on this,

    The problem with this text is that it's too basic. I haven't seen a decent security text yet that assumes the user is any more than a basic user. If you're teaching someone about permissions, the chances are you're going way over his head about everything anyways.

    find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -l {} \;

    Something like that should be left in a crontab. Debian by default has a /var/log/setuid.changes, which is a very good idea; it's a nice idea to have some level of suid/sgid audits for users already set up.

    Basic, I would merely classify it as explaining to someone about SUID and SGID, I'd hope anyone who calls themselves a UNIX administrator or a security expert wouldn't have to read this text.

    Phil
    phil@redbrick.dcu.ie
    http://www.phil-the-nerd.org
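
The audit described in the post above, run periodically and reporting only what changed since the previous run, as an added example that is not part of the thread and is not Debian's own script. The function names and the state, log and script paths are hypothetical; `stat -c` as provided by GNU coreutils or BusyBox is assumed.

```shell
#!/bin/sh
# Added example: SUID/SGID change audit. Paths and function names are hypothetical.

# suid_snapshot ROOT
# Print "mode owner:group path" for every SUID or SGID regular file under ROOT,
# using the same find predicate as the post. -xdev keeps the scan on one
# filesystem (run once per local mount); unreadable directories are skipped.
suid_snapshot() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -type f \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# suid_audit ROOT STATE LOG
# Compare the current snapshot with the one saved in STATE, print each change
# ("+ " new or altered entry, "- " entry no longer present), append the same
# lines with a UTC timestamp to LOG, then replace STATE.
# Returns 0 if nothing changed, 1 if something did, 2 on setup failure.
suid_audit() {
    root=$1 state=$2 log=$3
    new=$(mktemp) || return 2
    suid_snapshot "$root" > "$new"
    [ -f "$state" ] || : > "$state"   # first run: every entry is reported as new
    changes=$(
        LC_ALL=C comm -23 "$state" "$new" | sed 's/^/- /'
        LC_ALL=C comm -13 "$state" "$new" | sed 's/^/+ /'
    )
    mv "$new" "$state" || return 2
    [ -n "$changes" ] || return 0
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    printf '%s\n' "$changes" | sed "s/^/$stamp /" >> "$log"
    printf '%s\n' "$changes"
    return 1
}

# Constructed crontab line (all three paths and the script name are placeholders):
#   15 4 * * * /usr/local/sbin/suid-audit.sh / /var/lib/suid-audit.state /var/log/suid-audit.changes
if [ "$#" -eq 3 ]; then suid_audit "$@"; fi
```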


  • Registered Users, Registered Users 2 Posts: 568 ✭✭✭phil


    Ahhhhhh Yes, your relevant points astound me. Perhaps you can explain what redbrick has to do with the post?
    My point wasn't that UNIX administrators shouldn't read it, it's that they shouldn't HAVE to read it. If you're going to bring this down to a personal level and be such an idiot about it, go reply somewhere else.

    This text starts off explaining permissions. What I merely stated was that it's of no real use to anyone who would dare call themselves a security expert. Of course you being a _real_ security expert and a _real_ admin of course would know all about it. Have you worked out permissions yet then? Or would that be patronising to say? Yes, it would. It'd also be patronising to say anyone with any real security experience would have anything to learn from this text.


  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    now now kids, there there, calm down.

    Two quotes spring to mind:
    "As long as I learn I make mistakes"
    - some beastie boys song from hello nasty.
    "The more I learn the more I realise I have yet to learn"
    - or something along those lines from some old bloke.

    Basically, making presumptuous statements about people's level of knowledge etc. is dangerous, as is attempting to seem all knowing yourself.

    I haven't read the text in question, but then I didn't bother researching the two quotes I paraphrased, guess I'm lazy.

    No point in turning the board into a personal flame war. Phil, bless, redbrick root, ph3r3 etc. etc. Bedlam, down, bold boy, you know phil is far too easy to antagonise.

    Sean Paul O'Doyle :)


  • Registered Users, Registered Users 2 Posts: 568 ✭✭✭phil


    Both of your maturity levels seem to have risen quite dramatically in the last year or so. I'm sure this is quite evident in your astounding 3l33tnesss..

    My post was in reply to a "rise" out of you if anything. When it got down to it, all that text was about was permissions. You _ARE_ a security expert (or so the grapevine tells me), I was neither being patronising nor sarcastic, I was merely trying to show the uselessness of a text to someone who actually calls themself a security expert (be it you, or anyone else).


    [This message has been edited by phil (edited 05-07-2000).]


  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    Originally posted by phil:
    My post was in reply to a "rise" out of you if anything.....[snip]...... You _ARE_ a security expert (or so the grapevine tells me), I was neither being patronising nor sarcastic, I was merely trying to show the uselessness of a text to someone who actually calls themself a security expert.
    just curious but exactly whom were you referring to?


  • Registered Users, Registered Users 2 Posts: 568 ✭✭✭phil


    Originally posted by spod:
    just curious but exactly whom were you referring to?

    bedlam



    [This message has been edited by phil (edited 05-07-2000).]


  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    Originally posted by bedlam:
    yes I currently work for a computer security company, but I would not call myself a security expert by any means.

    *ahem*

    I think it's probably about time I figured out how to do a topic lock thingy, and, well I think the less said about the time someone msg'd someone else with the wonderfully mature message "ha I have root on 4 production freebsd boxes and you're still working with nt" or something along those lines the better ;P Isn't that right phil?




  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    Ah, but you do have time to read this bedlam? :)

    (Yeah I'm trying to get a rise out of him...)

    A lot depends on how you define expert: (1) and (2) here are quite different:
    ex·pert (ĕk′spûrt′)
    n.

    1. A person with a high degree of skill in or knowledge of a certain subject.

    2. The highest grade that can be achieved in marksmanship.
    A person who has achieved this grade.

    Al.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Ok, I'm not interested in personal grudges/insults/digs/rises on boards.ie
    I don't think most other people are either.

    It's a public forum and most readers aren't going to know/care who the people behind the posts are. Please stick to the point and/or points raised.

    Thanks.


This discussion has been closed.