
setuid/setgid ports list so far



This is what I've come up with so far


286205  800 -rwsr-xr-x    1 root     bin        397312 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lpq
286206  832 -rwsr-xr-x    1 root     bin        413696 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lpr
286207  784 -rwsr-xr-x    1 root     bin        393216 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lprm
286208  800 -rwsr-xr-x    1 root     bin        397312 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lpstat
289949  800 -rwsr-xr-x    1 root     bin        401408 Sep 13 08:04 ./LPRng-3.7.4.tgz/sbin/lpc

setuid root, why, lpr(1) is only daemon

591404   48 -r-sr-x---    1 root     operator    24576 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/calcsize
591414  176 -r-sr-x---    1 root     operator    90112 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/dumper
591415   40 -r-sr-x---    1 root     operator    20480 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/killpgrp
591417  240 -r-sr-x---    1 root     operator   114688 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/planner
591418   40 -r-sr-x---    1 root     operator    20480 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/rundump
591419   40 -r-sr-x---    1 root     operator    20480 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/runtar
591448  256 -r-sr-x---    1 root     operator   118784 Sep 13 04:12 ./amanda-2.4.2.2.tgz/sbin/amcheck
593335   48 -r-sr-x---    1 root     operator    24576 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/calcsize
593336   40 -r-sr-x---    1 root     operator    20480 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/killpgrp
593338   40 -r-sr-x---    1 root     operator    20480 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/rundump
593339   40 -r-sr-x---    1 root     operator    20480 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/runtar

setuid root, but restricted to group 'operator' (should be OK)

---s--x--x  1 uucp  dialer  176128 Sep 12 14:42 /usr/obj/tmp/minicom-2.00.0.tgz/bin/minicom
setuid uucp XXX  likely wrong

702803   84 -r-sr-xr-x    1 root     staff       42744 Sep 13 04:40 ./bing-1.0.4.tgz/bin/bing

setuid root, modified to open needed raw socket first thing then
drop privileges immediately

787402  288 -r-sr-sr-x    1 daemon   daemon     135168 Sep 12 18:39 ./cannaserver-3.5b2.tgz/bin/cannaserver

setuid daemon, no idea why, espie?

1203844   24 -r-sr-xr-x    1 root     bin         12288 Sep 13 02:35 ./evolution-1.0.7.tgz/sbin/camel-lock-helper

setuid root, marcm@ says it is to lock mailboxes in /var/mail/
XXX he's looking at a different locking method (lockspool)?

1217331 1184 -rwsr-xr-x    1 root     wheel      595727 Sep 13 02:40 ./exim-3.34-ldap.tgz/sbin/exim
1219218 1184 -rwsr-xr-x    1 root     wheel      591543 Sep 13 02:42 ./exim-3.34-mysql.tgz/sbin/exim
1221138 1184 -rwsr-xr-x    1 root     wheel      595727 Sep 13 02:41 ./exim-3.34-no_x11-ldap.tgz/sbin/exim
1223058 1200 -rwsr-xr-x    1 root     wheel      604451 Sep 13 02:43 ./exim-3.34-no_x11-mysql-postgresql-ldap.tgz/sbin/exim
1224978 1184 -rwsr-xr-x    1 root     wheel      591543 Sep 13 02:42 ./exim-3.34-no_x11-mysql.tgz/sbin/exim
1226898 1184 -rwsr-xr-x    1 root     wheel      591543 Sep 13 02:45 ./exim-3.34-no_x11-postgresql.tgz/sbin/exim
1228818 1168 -rwsr-xr-x    1 root     wheel      587181 Sep 13 02:44 ./exim-3.34-no_x11.tgz/sbin/exim
1230738 1184 -rwsr-xr-x    1 root     wheel      591543 Sep 13 02:45 ./exim-3.34-postgresql.tgz/sbin/exim
1232658 1168 -rwsr-xr-x    1 root     wheel      587181 Sep 13 02:39 ./exim-3.34.tgz/sbin/exim

setuid root but it should be OK

1459226 1088 -rwxr-sr-x    1 root     kmem       548864 Sep 12 10:03 ./gkrellm-1.2.13.tgz/bin/gkrellm

setgid kmem XXX it can use sysctl for most things, I have a diff except
for the CPU meter which doesn't work, need to see why.

1908518  256 -rwsr-xr-x    1 bin      wheel      122880 Sep 12 21:21 ./ja-Wnn-4.2.tgz/bin/jserver

setuid bin ?? an error?

1908520  416 -rwsr-xr-x    1 root     wheel      204800 Sep 12 21:21 ./ja-Wnn-4.2.tgz/bin/uum

setuid root, no idea why see this from past:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0948

1920048  336 -rwsr-xr-x    1 root     wheel      163840 Sep 12 21:25 ./ja-kterm-6.2.0-xaw3d.tgz/bin/kterm
1918234  336 -rwsr-xr-x    1 root     wheel      163840 Sep 12 21:25 ./ja-kterm-6.2.0.tgz/bin/kterm

setuid root, for pty allocation, utmp. XXX it can revoke privs earlier
and such; working on a patch based on what was committed to our xterm

2020368  152 -rwxr-sr-x    1 root     nogroup     77824 Sep 13 19:59 ./kdebase-3.0.3.tgz/bin/kdesud

setgid nogroup ?? looks wrong

2020386   24 -rwsr-xr-x    1 root     bin         12288 Sep 13 19:59 ./kdebase-3.0.3.tgz/bin/konsole_grantpty

setuid root, pty allocation & such, probably OK

2321581  256 -rwsr-xr-x    1 bin      wheel      118784 Sep 12 21:21 ./ko-Wnn-4.2.tgz/bin/kserver
2321582  416 -rwsr-xr-x    1 root     wheel      200704 Sep 12 21:21 ./ko-Wnn-4.2.tgz/bin/kuum

setuid bin/root like see Canna above

2463371   24 -rwsr-xr-x    1 uucp     bin         12288 Sep 13 04:20 ./magicpoint-1.09a.tgz/bin/xmindpath

setuid uucp, XXX why the hell, need to check

2465366   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/admin
2465367   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/admindb
2465368   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/edithtml
2465369   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/handle_opts
2465370   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/listinfo
2465371   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/options
2465372   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/private
2465373   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/roster
2465374   82 -rwxr-sr-x    1 root     bin         41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/subscribe
2465391   82 -rwxr-sr-x    1 root     bin         41681 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/mail/wrapper
2465659   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/admin
2465660   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/admindb
2465661   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/edithtml
2465662   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/handle_opts
2465663   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/listinfo
2465664   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/options
2465665   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/private
2465666   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/roster
2465667   82 -rwxr-sr-x    1 root     bin         41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/subscribe
2467216   82 -rwxr-sr-x    1 root     bin         41657 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/mail/wrapper

setgid bin XXX reasons that need to be checked, likely wrong

2488494  186 -rwsr-xr-x    1 root     wheel       95220 Sep 13 05:32 ./mtr-0.49.tgz/sbin/mtr

setuid root - uses raw sockets.  main() calls net_preopen() first thing
which opens the sockets and revokes root privileges immediately after that.

2544008   24 -rwsr-xr-x    1 root     bin         12288 Sep 12 14:04 ./nap-1.5.0.tgz/bin/napping

small setuid root prog that nap uses to ping hosts, basically
like ping(1) and it revokes privileges immediately after the socket() call

2582413  256 -rwxr-sr-x    1 root     wheel      122880 Sep 13 02:53 ./nmh-1.0.4.tgz/bin/inc

setgid wheel ?! XXX need to check why, mail handling program

2661460  240 -rwsr-xr-x    1 root     wheel      110592 Sep 13 05:56 ./oproute-0.7.tgz/bin/oproute

setuid root, network tool, uses SOCK_RAW.  modified to call socket() as
early as possible and revoke privileges immediately after.

3895742  184 -r-sr-xr-x    1 uucp     bin         94208 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uucp
3895744   80 -r-sr-xr-x    1 uucp     bin         40960 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uuname
3895747  224 -r-sr-xr-x    1 uucp     bin        102400 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uustat
3895749  184 -r-sr-xr-x    1 uucp     bin         94208 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uux
3895755  464 -r-sr-xr-x    1 uucp     bin        225280 Sep 13 06:18 ./uucp-1.06.2.tgz/libexec/uucp/uucico
3895757  224 -r-sr-xr-x    1 uucp     bin        106496 Sep 13 06:18 ./uucp-1.06.2.tgz/libexec/uucp/uuxqt

setuid uucp, XXX group dialer may be enough to control it

3943827   64 -r-xr-sr-x    1 root     kmem        32768 Sep 13 08:09 ./wmmon-1.0b2.tgz/bin/wmmon
3943858   56 -rwxr-sr-x    1 root     kmem        28672 Sep 13 06:18 ./wmnet-1.06.tgz/bin/wmnet

setgid kmem, kvm_openfiles XXX need to revoke privs asap, maybe it
can be even converted to use sysctl

3943994   72 -r-sr-xr-x    1 root     bin         36864 Sep 12 14:10 ./wmtune-1.1c-zoltrix.tgz/bin/wmtune

setuid root only for zoltrix flavor, for sysarch(I386_SET_IOPERM)
maintainer says

3972496  114 -rwsr-xr-x    1 root     bin         58010 Sep 12 14:42 ./xcept-2.1.2.tgz/libexec/ceptd

setuid root, XXX need to check why 

3496466  512 -r-sr-xr-x    1 root     bin        249929 Sep 12 14:17 ./xmcd-2.6p1.tgz/libexec/xmcd/cda
3496470  768 -r-sr-xr-x    1 root     bin        378337 Sep 12 14:17 ./xmcd-2.6p1.tgz/libexec/xmcd/xmcd

setuid root, XXX why, it's just a cdplayer....

4327739  256 -r-xr-sr-x    1 root     kmem       122880 Sep 13 08:10 ./xosview-1.8.0.tgz/bin/xosview

setgid kmem, kvm_openfiles and such, XXX should be checked that it
revokes gid kmem

4331619  400 -rwsr-xr-x    1 root     bin        196608 Sep 13 10:44 ./xscreensaver-4.05p1.tgz/bin/xscreensaver

setuid root, XXX it fetches passwd for xlock-like functionality but
it should revoke privs after that; may be converted to use BSD_AUTH and
only setgid auth

1217355  272 -rwsr-xr-x    1 bin      wheel      126976 Sep 12 21:21 ./zh-Wnn-4.2.tgz/bin/cserver
1217356  464 -rwsr-xr-x    1 root     wheel      225280 Sep 12 21:21 ./zh-Wnn-4.2.tgz/bin/cuum
1217362  272 -rwsr-xr-x    1 bin      wheel      126976 Sep 12 21:21 ./zh-Wnn-4.2.tgz/bin/tserver

setuid bin/root XXX see Canna above. same thing

-- Games

-rwx--s--x  1 root  games  303104 Sep 12 19:58 moria-5.5.2.tgz/bin/moria

setgid games, for score, handles them even

-rwx--s--x  1 root  games  618645 Sep 12 20:04 omega-0.90.4.tgz/bin/Omega

setgid games, for score XXX no scripts to handle install/deinstall

---x--s--x  1 root  games  69632 Sep 12 19:58 ./moon-buggy-0.5.1.tgz/bin/moon-buggy
setgid games, for score files, looks OK

1732003  120 -rwxr-sr-x    1 root     games       61440 Sep 12 19:55 ./gtkballs-2.2.0.tgz/bin/gtkballs

setgid games for score file, all OK

1858600  112 -rwxr-sr-x    1 root     games       57344 Sep 12 19:57 ./icebreaker-1.2.1.tgz/bin/icebreaker

setgid games for score file writing, all OK

2552073 3200 -rwxr-sr-x    1 bin      games     1629672 Sep 12 20:01 ./nethack-3.4.0-no_x11.tgz/lib/nethackdir/nethack
2567182 4224 -rwxr-sr-x    1 bin      games     2149118 Sep 12 20:04 ./nethack-3.4.0-qt.tgz/lib/nethackdir/nethack
2578705 3376 -rwxr-sr-x    1 bin      games     1716796 Sep 12 20:00 ./nethack-3.4.0.tgz/lib/nethackdir/nethack

setgid games for saves, etc

3463946 2832 -rwxr-sr-x    1 bin      games     1434861 Sep 12 20:19 ./slash-3.2.2-e8-no_x11.tgz/lib/slashdir/slash
3464138 2992 -rwxr-sr-x    1 bin      games     1517579 Sep 12 20:14 ./slash-3.2.2-e8.tgz/lib/slashdir/slash
3465795 3456 -rwxr-sr-x    1 bin      games     1760174 Sep 12 20:18 ./slash-em-3.3.1.6e4f8-no_x11.tgz/lib/slashemdir/slashem
3465986 3664 -rwxr-sr-x    1 bin      games     1859664 Sep 12 20:16 ./slash-em-3.3.1.6e4f8.tgz/lib/slashemdir/slashem

setgid games, nethack clone it uses stuff in /usr/local/ for saves, etc

3870906  192 -r-xr-sr-x    1 root     games       98304 Sep 12 20:19 ./toppler-0.96.tgz/bin/toppler

setgid games, score file, all OK

4298955  368 -rwxr-sr-x    1 root     games      196608 Sep 12 20:23 ./xkobo-1.11-harder.tgz/bin/xkobo
4298964  368 -rwxr-sr-x    1 root     games      196608 Sep 12 20:23 ./xkobo-1.11.tgz/bin/xkobo

setgid games, score file and such

4327758  176 -r-xr-sr-x    1 root     games       90112 Sep 12 20:24 ./xpat2-1.04.tgz/bin/xpat2

setgid games, score file, XXX probably needs a script to handle that
[fixed]

4347044 1984 -r-xr-sr-x    1 root     games     1007616 Sep 12 20:28 ./zangband-2.6.2-no_x11.tgz/bin/zangband
4348892 2080 -r-xr-sr-x    1 root     games     1052672 Sep 12 20:27 ./zangband-2.6.2.tgz/bin/zangband

setgid games ; see nethack

585764 1280 -rwxr-sr-x    1 bin      games      643072 Sep 12 19:38 ./abuse-2.0.tgz/bin/abuse.x11R6

setgid games ; see nethack

599201 1104 -r-xr-sr-x    1 root     games      552960 Sep 12 19:40 ./angband-2.9.3-no_x11.tgz/bin/angband
600968 1184 -r-xr-sr-x    1 root     games      598016 Sep 12 19:39 ./angband-2.9.3.tgz/bin/angband

setgid games for score file, all looks good

960007  512 -rwxr-sr-x    1 root     games      249856 Sep 12 19:43 ./dopewars-1.5.7.tgz/bin/dopewars

setgid games for score files, seems fine

1240661 3296 -rwxr-sr-x    1 root     wheel     1675805 Sep 12 19:48 ./falconseye-1.9.3.tgz/lib/falconseyedir/falconseye

setgid games ; see nethack
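
The pattern the notes above describe for bing, mtr, napping and oproute (open the raw socket first, then revoke privileges immediately) looks like this in C. This is an added example, not part of the original post and not code from any of the listed ports; `drop_privileges` and `open_raw_then_drop` are hypothetical names, and the ICMP raw socket is an assumed choice.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently revoke setuid/setgid privilege. Returns 0 on success, -1 if
 * an id could not be dropped or could afterwards be taken back. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is gone we may no longer change gids.
     * Passing the real id for both arguments also overwrites the saved id. */
    if (setregid(rgid, rgid) == -1 || setreuid(ruid, ruid) == -1)
        return -1;
    /* Do not trust the return values alone: re-read the ids ... */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* ... and confirm the old privileged ids cannot be regained. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

/* Hypothetical helper: acquire the one privileged resource, then drop before
 * any argument parsing. *sock is -1 if socket() failed (binary not setuid). */
int open_raw_then_drop(int *sock)
{
    *sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (drop_privileges() == -1) {
        if (*sock != -1)
            close(*sock);
        *sock = -1;
        return -1;
    }
    return 0;
}

int main(void)
{
    int s;
    if (open_raw_then_drop(&s) == -1) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    printf("fd=%d uid=%d euid=%d\n", s, (int)getuid(), (int)geteuid());
    return 0;
}
```

The same check applies to the setgid kmem entries: after `kvm_openfiles()` the effective and saved gid should both be the real gid.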


