[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: setuid root binaries in /usr/local



On September 16, 2002 02:39 am, Peter Valchev wrote:
> Here's a list of all setuid root programs that ports install, taken from
> the latest i386 snapshot packages.

> ./efax-0.9.tgz/bin/efax

Really? Setuid root or just setuid?

$ pwd
/usr/ports/comms/efax
$ cvs -d $CVSROOT diff
? w-efax-0.9
cvs server: Diffing .
cvs server: Diffing patches
cvs server: Diffing pkg
$ sudo make deinstall reinstall
 ...
/usr/sbin/chown uucp.dialer /usr/ports/comms/efax/w-efax-0.9/fake-i386/usr/local/bin/efax
/bin/chmod u+s /usr/ports/comms/efax/w-efax-0.9/fake-i386/usr/local/bin/efax
===>  Building package for efax-0.9
Creating package /usr/ports/packages/i386/All/efax-0.9.tgz
Using SrcDir value of /usr/ports/comms/efax/w-efax-0.9/fake-i386/usr/local
Creating gzip'd tar ball in '/usr/ports/packages/i386/All/efax-0.9.tgz'
===>  Installing efax-0.9 from /usr/ports/packages/i386/All/efax-0.9.tgz
 ...
$ ls -l /usr/local/bin/efax
-rwsr-xr-x  1 uucp  dialer  116397 Sep 16 10:53 /usr/local/bin/efax
$



Visit your host, monkey.org