Blame
Date: Wed May 4 04:00:32 2022 UTC
Message: Daily backup
11
2021-12-17
(:title SetUID:)

setuid and setgid are short for "set user ID" and "set group ID". They allow users to run a program with the same user and group as the owner and group of the executable. This lets the user temporarily have more privileges than they normally would. For example, if a program has the setuid flag set and is owned by root, the program runs as root when executed by a normal user. This is essential for allowing non-staff users to run programs such as ping, because ping must send and listen to packets on a network interface. Normally, only root would have access to the network interface, but setuid allows any user to run ping.

As you can probably guess, this could be a massive security risk. If the setuid flag is set on a badly designed program, a user could exploit a bug to become root.

Here is a command to detect any files that have the setuid flag:

[@
# find / -perm -4000
/usr/bin/chfn
/usr/bin/chpass
/usr/bin/chsh
/usr/bin/doas
/usr/bin/lpr
/usr/bin/lprm
/usr/bin/passwd
/usr/bin/su
/usr/libexec/auth/login_chpass
/usr/libexec/auth/login_lchpass
/usr/libexec/auth/login_passwd
/usr/libexec/lockspool
/usr/libexec/ssh-keysign
/usr/sbin/authpf
/usr/sbin/authpf-noip
/usr/sbin/pppd
/usr/sbin/traceroute
/usr/sbin/traceroute6
/sbin/ping
/sbin/ping6
/sbin/shutdown
@]

The files above are trusted and audited by the OpenBSD developers and are part of the operating system.

'''WARNING''': If you see any other binaries, then watch out! You may want to delete the packages that created those files, or delete the files themselves. These files may be a serious security risk to your server.
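One way to automate the check above, as an added example that is not part of the original wiki page: the script keeps the page's list as a baseline and prints any setuid file that is not on it. The function names are assumptions, and a system with other packages installed needs its own baseline.

```shell
#!/bin/sh
# Added example (not from the wiki page): flag setuid files missing from
# the baseline that the page lists for OpenBSD.

# Baseline: the output of `find / -perm -4000` as shown on the page.
baseline() {
cat <<'EOF'
/usr/bin/chfn
/usr/bin/chpass
/usr/bin/chsh
/usr/bin/doas
/usr/bin/lpr
/usr/bin/lprm
/usr/bin/passwd
/usr/bin/su
/usr/libexec/auth/login_chpass
/usr/libexec/auth/login_lchpass
/usr/libexec/auth/login_passwd
/usr/libexec/lockspool
/usr/libexec/ssh-keysign
/usr/sbin/authpf
/usr/sbin/authpf-noip
/usr/sbin/pppd
/usr/sbin/traceroute
/usr/sbin/traceroute6
/sbin/ping
/sbin/ping6
/sbin/shutdown
EOF
}

# Print regular files under directory $1 that carry the setuid bit.
# For setgid, use -perm -2000 and keep a separate baseline for it.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Read paths on stdin and print those that are not in the baseline.
# Returns 1 if anything unexpected was printed, 0 if the list is clean.
unexpected() {
    allow=$(mktemp "${TMPDIR:-/tmp}/suid.XXXXXX") || return 2
    baseline > "$allow"
    if grep -Fxv -f "$allow"; then rc=1; else rc=0; fi
    rm -f "$allow"
    return "$rc"
}

# Typical use as root, for example from a daily cron job:
#   list_setuid / | unexpected || echo "review the paths listed above"
```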
diff:1611816784:1611816424:=14c14%0a%3c /usr/bin/doas%0a---%0a> /usr/bin/doas %0a16,18c16,18%0a%3c /usr/bin/lprm%0a%3c /usr/bin/passwd%0a%3c /usr/bin/su%0a---%0a> /usr/bin/lprm %0a> /usr/bin/passwd %0a> /usr/bin/su %0a22c22%0a%3c /usr/libexec/lockspool%0a---%0a> /usr/libexec/lockspool %0a24c24%0a%3c /usr/sbin/authpf%0a---%0a> /usr/sbin/authpf %0a
diff:1611816424:1611815956:=34,36c34%0a%3c The files above are trusted and audited by the OpenBSD developers and part of the operating system.%0a%3c %0a%3c '''WARNING''': If you see any other binaries, then watch out! You may want to delete packages that created those files, or delete the files themselves. These files may be a serious security risk to your server.%0a\ No newline at end of file%0a---%0a> Those files are trusted and audited by the OpenBSD developers. However, if you see any other binaries, then watch out! You may want to delete packages that create those files because they may pose a serious security risk to your server.%0a\ No newline at end of file%0a
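Review bot: The '''WARNING''' paragraph tells readers to "delete the files themselves" without saying how to tell a setuid binary installed by a package from one that appeared outside package management. Suggest advising readers to identify the owning package first and, where the program is still needed, to clear the setuid bit rather than delete the file. Separating the "trusted and audited" sentence from the warning reads well and needs no change.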
diff:1611815956:1611815779:=5,8c5,6%0a%3c As you can probably guess, this could be a massive security risk. If the setuid is set for a badly designed program, a user could exploit a bug to become root.%0a%3c %0a%3c Here is a command to detect any files that have the setuid flag:%0a%3c %0a---%0a> As you can probably guess, this could be a massive security risk.%0a> %0a10a9%0a> %0a32,34c31%0a%3c @]%0a%3c %0a%3c Those files are trusted and audited by the OpenBSD developers. However, if you see any other binaries, then watch out! You may want to delete packages that create those files because they may pose a serious security risk to your server.%0a\ No newline at end of file%0a---%0a> @]%0a\ No newline at end of file%0a
diff:1611815696:1611815363:=1,5d0%0a%3c (:title SetUID:)%0a%3c %0a%3c setuid and setgid are short for "set user ID" and "set group ID". It allows users to run a program with the same user and group as the owner and group of the executable. This lets the user temporarily have more privileges than he normally would. For example, if a program has the setuid flag set and is owned by root, the program will have the user root when executed by a normal user. This is essential for allowing non-staff users to run programs such as ping, because ping must send and listen to packets on a network interface. Normally, only root would have access to the network interface, but setuid allows any user to run ping.%0a%3c %0a%3c As you can probably guess, this could be a massive security risk.%0a
diff:1611806717:1611806689:=1,5d0%0a%3c %0a%3c %0a%3c [@%0a%3c # find / -perm -4000%0a%3c %0a27d21%0a%3c @]%0a\ No newline at end of file%0a
diff:1611806689:1611806689:=1,21d0%0a%3c /usr/bin/chfn%0a%3c /usr/bin/chpass%0a%3c /usr/bin/chsh%0a%3c /usr/bin/doas %0a%3c /usr/bin/lpr%0a%3c /usr/bin/lprm %0a%3c /usr/bin/passwd %0a%3c /usr/bin/su %0a%3c /usr/libexec/auth/login_chpass%0a%3c /usr/libexec/auth/login_lchpass%0a%3c /usr/libexec/auth/login_passwd%0a%3c /usr/libexec/lockspool %0a%3c /usr/libexec/ssh-keysign%0a%3c /usr/sbin/authpf %0a%3c /usr/sbin/authpf-noip%0a%3c /usr/sbin/pppd%0a%3c /usr/sbin/traceroute%0a%3c /usr/sbin/traceroute6%0a%3c /sbin/ping%0a%3c /sbin/ping6%0a%3c /sbin/shutdown%0a