setuid/setgid ports list so far
- To: ports_(_at_)_openbsd_(_dot_)_org
- Subject: setuid/setgid ports list so far
- From: Peter Valchev <pvalchev_(_at_)_sightly_(_dot_)_net>
- Date: Fri, 20 Sep 2002 01:10:30 -0600
- Mail-followup-to: ports_(_at_)_openbsd_(_dot_)_org
This is what I've come up with so far
286205 800 -rwsr-xr-x 1 root bin 397312 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lpq
286206 832 -rwsr-xr-x 1 root bin 413696 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lpr
286207 784 -rwsr-xr-x 1 root bin 393216 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lprm
286208 800 -rwsr-xr-x 1 root bin 397312 Sep 13 08:04 ./LPRng-3.7.4.tgz/bin/lpstat
289949 800 -rwsr-xr-x 1 root bin 401408 Sep 13 08:04 ./LPRng-3.7.4.tgz/sbin/lpc
setuid root, why, lpr(1) is only daemon
591404 48 -r-sr-x--- 1 root operator 24576 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/calcsize
591414 176 -r-sr-x--- 1 root operator 90112 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/dumper
591415 40 -r-sr-x--- 1 root operator 20480 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/killpgrp
591417 240 -r-sr-x--- 1 root operator 114688 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/planner
591418 40 -r-sr-x--- 1 root operator 20480 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/rundump
591419 40 -r-sr-x--- 1 root operator 20480 Sep 13 04:12 ./amanda-2.4.2.2.tgz/libexec/amanda/runtar
591448 256 -r-sr-x--- 1 root operator 118784 Sep 13 04:12 ./amanda-2.4.2.2.tgz/sbin/amcheck
593335 48 -r-sr-x--- 1 root operator 24576 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/calcsize
593336 40 -r-sr-x--- 1 root operator 20480 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/killpgrp
593338 40 -r-sr-x--- 1 root operator 20480 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/rundump
593339 40 -r-sr-x--- 1 root operator 20480 Sep 13 04:12 ./amanda-client-2.4.2.2.tgz/libexec/amanda/runtar
setuid root, but restricted to group 'operator' (should be OK)
---s--x--x 1 uucp dialer 176128 Sep 12 14:42 /usr/obj/tmp/minicom-2.00.0.tgz/bin/minicom
setuid uucp XXX likely wrong
702803 84 -r-sr-xr-x 1 root staff 42744 Sep 13 04:40 ./bing-1.0.4.tgz/bin/bing
setuid root, modified to open needed raw socket first thing then
drop privileges immediately
787402 288 -r-sr-sr-x 1 daemon daemon 135168 Sep 12 18:39 ./cannaserver-3.5b2.tgz/bin/cannaserver
setuid daemon, no idea why, espie?
1203844 24 -r-sr-xr-x 1 root bin 12288 Sep 13 02:35 ./evolution-1.0.7.tgz/sbin/camel-lock-helper
setuid root, marcm@ says it is to lock mailboxes in /var/mail/
XXX he's looking at a different locking method (lockspool)?
1217331 1184 -rwsr-xr-x 1 root wheel 595727 Sep 13 02:40 ./exim-3.34-ldap.tgz/sbin/exim
1219218 1184 -rwsr-xr-x 1 root wheel 591543 Sep 13 02:42 ./exim-3.34-mysql.tgz/sbin/exim
1221138 1184 -rwsr-xr-x 1 root wheel 595727 Sep 13 02:41 ./exim-3.34-no_x11-ldap.tgz/sbin/exim
1223058 1200 -rwsr-xr-x 1 root wheel 604451 Sep 13 02:43 ./exim-3.34-no_x11-mysql-postgresql-ldap.tgz/sbin/exim
1224978 1184 -rwsr-xr-x 1 root wheel 591543 Sep 13 02:42 ./exim-3.34-no_x11-mysql.tgz/sbin/exim
1226898 1184 -rwsr-xr-x 1 root wheel 591543 Sep 13 02:45 ./exim-3.34-no_x11-postgresql.tgz/sbin/exim
1228818 1168 -rwsr-xr-x 1 root wheel 587181 Sep 13 02:44 ./exim-3.34-no_x11.tgz/sbin/exim
1230738 1184 -rwsr-xr-x 1 root wheel 591543 Sep 13 02:45 ./exim-3.34-postgresql.tgz/sbin/exim
1232658 1168 -rwsr-xr-x 1 root wheel 587181 Sep 13 02:39 ./exim-3.34.tgz/sbin/exim
setuid root but it should be OK
1459226 1088 -rwxr-sr-x 1 root kmem 548864 Sep 12 10:03 ./gkrellm-1.2.13.tgz/bin/gkrellm
setgid kmem XXX it can use sysctl for most things, I have a diff except
for the CPU meter which doesn't work, need to see why.
1908518 256 -rwsr-xr-x 1 bin wheel 122880 Sep 12 21:21 ./ja-Wnn-4.2.tgz/bin/jserver
setuid bin ?? an error?
1908520 416 -rwsr-xr-x 1 root wheel 204800 Sep 12 21:21 ./ja-Wnn-4.2.tgz/bin/uum
setuid root, no idea why see this from past:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0948
1920048 336 -rwsr-xr-x 1 root wheel 163840 Sep 12 21:25 ./ja-kterm-6.2.0-xaw3d.tgz/bin/kterm
1918234 336 -rwsr-xr-x 1 root wheel 163840 Sep 12 21:25 ./ja-kterm-6.2.0.tgz/bin/kterm
setuid root, for pty allocation, utmp. XXX it can revoke privs earlier
and such; working on a patch based on what was committed to our xterm
2020368 152 -rwxr-sr-x 1 root nogroup 77824 Sep 13 19:59 ./kdebase-3.0.3.tgz/bin/kdesud
setgid nogroup ?? looks wrong
2020386 24 -rwsr-xr-x 1 root bin 12288 Sep 13 19:59 ./kdebase-3.0.3.tgz/bin/konsole_grantpty
setuid root, pty allocation & such, probably OK
2321581 256 -rwsr-xr-x 1 bin wheel 118784 Sep 12 21:21 ./ko-Wnn-4.2.tgz/bin/kserver
2321582 416 -rwsr-xr-x 1 root wheel 200704 Sep 12 21:21 ./ko-Wnn-4.2.tgz/bin/kuum
setuid bin/root like see Canna above
2463371 24 -rwsr-xr-x 1 uucp bin 12288 Sep 13 04:20 ./magicpoint-1.09a.tgz/bin/xmindpath
setuid uucp, XXX why the hell, need to check
2465366 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/admin
2465367 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/admindb
2465368 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/edithtml
2465369 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/handle_opts
2465370 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/listinfo
2465371 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/options
2465372 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/private
2465373 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/roster
2465374 82 -rwxr-sr-x 1 root bin 41441 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/cgi-bin/subscribe
2465391 82 -rwxr-sr-x 1 root bin 41681 Sep 13 02:50 ./mailman-2.0.12-postfix.tgz/lib/mailman/mail/wrapper
2465659 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/admin
2465660 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/admindb
2465661 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/edithtml
2465662 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/handle_opts
2465663 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/listinfo
2465664 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/options
2465665 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/private
2465666 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/roster
2465667 82 -rwxr-sr-x 1 root bin 41417 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/cgi-bin/subscribe
2467216 82 -rwxr-sr-x 1 root bin 41657 Sep 13 02:49 ./mailman-2.0.12.tgz/lib/mailman/mail/wrapper
setgid bin XXX reasons that need to be checked, likely wrong
2488494 186 -rwsr-xr-x 1 root wheel 95220 Sep 13 05:32 ./mtr-0.49.tgz/sbin/mtr
setuid root - uses raw sockets. main() calls net_preopen() first thing
which opens the sockets and revokes root privileges immediately after that.
2544008 24 -rwsr-xr-x 1 root bin 12288 Sep 12 14:04 ./nap-1.5.0.tgz/bin/napping
small setuid root prog that nap uses to ping hosts, basically
like ping(1) and it revokes privileges immediately after the socket() call
2582413 256 -rwxr-sr-x 1 root wheel 122880 Sep 13 02:53 ./nmh-1.0.4.tgz/bin/inc
setgid wheel ?! XXX need to check why, mail handling program
2661460 240 -rwsr-xr-x 1 root wheel 110592 Sep 13 05:56 ./oproute-0.7.tgz/bin/oproute
setuid root, network tool, uses SOCK_RAW. modified to call socket() as
early as possible and revoke privileges immediately after.
3895742 184 -r-sr-xr-x 1 uucp bin 94208 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uucp
3895744 80 -r-sr-xr-x 1 uucp bin 40960 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uuname
3895747 224 -r-sr-xr-x 1 uucp bin 102400 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uustat
3895749 184 -r-sr-xr-x 1 uucp bin 94208 Sep 13 06:18 ./uucp-1.06.2.tgz/bin/uux
3895755 464 -r-sr-xr-x 1 uucp bin 225280 Sep 13 06:18 ./uucp-1.06.2.tgz/libexec/uucp/uucico
3895757 224 -r-sr-xr-x 1 uucp bin 106496 Sep 13 06:18 ./uucp-1.06.2.tgz/libexec/uucp/uuxqt
setuid uucp, XXX group dialer may be enough to control it
3943827 64 -r-xr-sr-x 1 root kmem 32768 Sep 13 08:09 ./wmmon-1.0b2.tgz/bin/wmmon
3943858 56 -rwxr-sr-x 1 root kmem 28672 Sep 13 06:18 ./wmnet-1.06.tgz/bin/wmnet
setgid kmem, kvm_openfiles XXX need to revoke privs asap, maybe it
can be even converted to use sysctl
3943994 72 -r-sr-xr-x 1 root bin 36864 Sep 12 14:10 ./wmtune-1.1c-zoltrix.tgz/bin/wmtune
setuid root only for zoltrix flavor, for sysarch(I386_SET_IOPERM)
maintainer says
3972496 114 -rwsr-xr-x 1 root bin 58010 Sep 12 14:42 ./xcept-2.1.2.tgz/libexec/ceptd
setuid root, XXX need to check why
3496466 512 -r-sr-xr-x 1 root bin 249929 Sep 12 14:17 ./xmcd-2.6p1.tgz/libexec/xmcd/cda
3496470 768 -r-sr-xr-x 1 root bin 378337 Sep 12 14:17 ./xmcd-2.6p1.tgz/libexec/xmcd/xmcd
setuid root, XXX why, it's just a cdplayer....
4327739 256 -r-xr-sr-x 1 root kmem 122880 Sep 13 08:10 ./xosview-1.8.0.tgz/bin/xosview
setgid kmem, kvm_openfiles and such, XXX should be checked that it
revokes gid kmem
4331619 400 -rwsr-xr-x 1 root bin 196608 Sep 13 10:44 ./xscreensaver-4.05p1.tgz/bin/xscreensaver
setuid root, XXX it fetches passwd for xlock-like functionality but
it should revoke privs after that; may be converted to use BSD_AUTH and
only setgid auth
1217355 272 -rwsr-xr-x 1 bin wheel 126976 Sep 12 21:21 ./zh-Wnn-4.2.tgz/bin/cserver
1217356 464 -rwsr-xr-x 1 root wheel 225280 Sep 12 21:21 ./zh-Wnn-4.2.tgz/bin/cuum
1217362 272 -rwsr-xr-x 1 bin wheel 126976 Sep 12 21:21 ./zh-Wnn-4.2.tgz/bin/tserver
setuid bin/root XXX see Canna above. same thing
-- Games
-rwx--s--x 1 root games 303104 Sep 12 19:58 moria-5.5.2.tgz/bin/moria
setgid games, for score, handles them even
-rwx--s--x 1 root games 618645 Sep 12 20:04 omega-0.90.4.tgz/bin/Omega
setgid games, for score XXX no scripts to handle install/deinstall
---x--s--x 1 root games 69632 Sep 12 19:58 ./moon-buggy-0.5.1.tgz/bin/moon-buggy
setgid games, for score files, looks OK
1732003 120 -rwxr-sr-x 1 root games 61440 Sep 12 19:55 ./gtkballs-2.2.0.tgz/bin/gtkballs
setgid games for score file, all OK
1858600 112 -rwxr-sr-x 1 root games 57344 Sep 12 19:57 ./icebreaker-1.2.1.tgz/bin/icebreaker
setgid games for score file writing, all OK
2552073 3200 -rwxr-sr-x 1 bin games 1629672 Sep 12 20:01 ./nethack-3.4.0-no_x11.tgz/lib/nethackdir/nethack
2567182 4224 -rwxr-sr-x 1 bin games 2149118 Sep 12 20:04 ./nethack-3.4.0-qt.tgz/lib/nethackdir/nethack
2578705 3376 -rwxr-sr-x 1 bin games 1716796 Sep 12 20:00 ./nethack-3.4.0.tgz/lib/nethackdir/nethack
setgid games for saves, etc
3463946 2832 -rwxr-sr-x 1 bin games 1434861 Sep 12 20:19 ./slash-3.2.2-e8-no_x11.tgz/lib/slashdir/slash
3464138 2992 -rwxr-sr-x 1 bin games 1517579 Sep 12 20:14 ./slash-3.2.2-e8.tgz/lib/slashdir/slash
3465795 3456 -rwxr-sr-x 1 bin games 1760174 Sep 12 20:18 ./slash-em-3.3.1.6e4f8-no_x11.tgz/lib/slashemdir/slashem
3465986 3664 -rwxr-sr-x 1 bin games 1859664 Sep 12 20:16 ./slash-em-3.3.1.6e4f8.tgz/lib/slashemdir/slashem
setgid games, nethack clone it uses stuff in /usr/local/ for saves, etc
3870906 192 -r-xr-sr-x 1 root games 98304 Sep 12 20:19 ./toppler-0.96.tgz/bin/toppler
setgid games, score file, all OK
4298955 368 -rwxr-sr-x 1 root games 196608 Sep 12 20:23 ./xkobo-1.11-harder.tgz/bin/xkobo
4298964 368 -rwxr-sr-x 1 root games 196608 Sep 12 20:23 ./xkobo-1.11.tgz/bin/xkobo
setgid games, score file and such
4327758 176 -r-xr-sr-x 1 root games 90112 Sep 12 20:24 ./xpat2-1.04.tgz/bin/xpat2
setgid games, score file, XXX probably needs a script to handle that
[fixed]
4347044 1984 -r-xr-sr-x 1 root games 1007616 Sep 12 20:28 ./zangband-2.6.2-no_x11.tgz/bin/zangband
4348892 2080 -r-xr-sr-x 1 root games 1052672 Sep 12 20:27 ./zangband-2.6.2.tgz/bin/zangband
setgid games ; see nethack
585764 1280 -rwxr-sr-x 1 bin games 643072 Sep 12 19:38 ./abuse-2.0.tgz/bin/abuse.x11R6
setgid games ; see nethack
599201 1104 -r-xr-sr-x 1 root games 552960 Sep 12 19:40 ./angband-2.9.3-no_x11.tgz/bin/angband
600968 1184 -r-xr-sr-x 1 root games 598016 Sep 12 19:39 ./angband-2.9.3.tgz/bin/angband
setgid games for score file, all looks good
960007 512 -rwxr-sr-x 1 root games 249856 Sep 12 19:43 ./dopewars-1.5.7.tgz/bin/dopewars
setgid games for score files, seems fine
1240661 3296 -rwxr-sr-x 1 root wheel 1675805 Sep 12 19:48 ./falconseye-1.9.3.tgz/lib/falconseyedir/falconseye
setgid games ; see nethack
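The pattern noted above for bing, mtr, napping and oproute (open the raw socket first, then revoke privileges for good), as an added C example; it is not part of the original message and is not code from any of those ports. The names `drop_privileges` and `preopen_raw_socket` are hypothetical, and the drop assumes a setuid-root binary.

```c
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently return to the invoking user's ids. Assumes setuid root:
 * with effective uid 0, setgid()/setuid() reset real, effective and saved ids.
 * Returns 0 on success, -1 if any privilege remains. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: once the uid is gone, changing the gid is refused. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Check the resulting ids instead of trusting the return codes. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* A non-root caller must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open the one privileged resource, then drop privileges whether or not
 * the open worked. Returns the fd, -1 if socket() failed, or -2 if the
 * drop failed (the caller must exit without doing anything else). */
int preopen_raw_socket(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int saved_errno = errno;
    if (drop_privileges() != 0) {
        if (fd >= 0)
            close(fd);
        return -2;
    }
    errno = saved_errno;
    return fd;
}

int main(void)
{
    /* First statement of main(): nothing is parsed while privileged. */
    int fd = preopen_raw_socket();
    /* Argument parsing and packet handling would follow, unprivileged. */
    return fd >= 0 ? 0 : 1;
}
```

For a binary that is set-id to a non-root owner or only setgid (the uucp and kmem cases in the list), `setresuid()`/`setresgid()` are the calls that also clear the saved ids.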