[lug] suid removal help

Thu Jun 21 20:28:38 MDT 2001

> /usr/bin/crontab        #left as is, need suggestion

If you let normal users use cron.. you'll need this.  crontab is only used
to edit crons... not to start cron jobs.  crond runs jobs, and it runs as
root.

> /usr/bin/at             #left as is, need suggestion

Same as above

> /usr/bin/passwd         #left as is, need suggestion

If you allow regular users to change their own password, then you'll need
to leave this.

> /usr/bin/suidperl       #left as is, need suggestion

I don't know what this is... but it just sounds bad.

> /usr/bin/sperl5.00503   #left as is, need suggestion

This probably has somethign to do with suidperl.

> /usr/bin/lockfile       #left as is, need suggestion

Sempahore file generator probably used by procmail. You probably use
procmail as your local delivery agent... leave this.

> /usr/bin/procmail       #left as is, need suggestion

Leave this.

> /usr/bin/chfn           #left as is, need suggestion

I don't think anyone actually uses chfn anymore :).  (change finger info)

> /usr/bin/chsh           #left as is, need suggestion

change shell.... probably safe here.

> /usr/local/bin/sudo     #left as is, need suggestion

If you don't use sudo... you should remove the sudo package.

rpm -q -a | grep -i sudo

rpm -e packagename

> /usr/sbin/utempter      #left as is, need suggestion

I don't know what this is

> /usr/libexec/pt_chown   #left as is, need suggestion

don't know

> /bin/su                 #left as is, need suggestion

Leave this.

> /bin/ping               #chmod 711

Normal users won't be able to ping if this is not setuid.

> /sbin/pwdb_chkpwd       #left as is, need suggestion
> /sbin/unix_chkpwd       #left as is, need suggestion

i don't know what these are.