[buug] Problems installing open-ssh
Zeke Krahlin
zk_lists at yahoo.com
Wed Jul 26 00:24:28 PDT 2000
Okay, I have resolved the recent glitches, thanks to your suggestions,
Rick. Read on:
--- Rick Moen <rick at linuxmafia.com> wrote:
>> Under the section "SUID Programs", when I run this command:
>>
>> ls -alF `find / -perm -4000` > /root/suid.txt
>>
>> I get a failed result:
>>
>> Try 'ls --help' for more information.
>Possibly, you're using the wrong quote character? I see nothing
>wrong with the syntax as quoted.
Turns out this single quote mark was really the accent character...the one
usually on the same key with the tilde (in upper left corner right below
the [esc] key). That did the trick, and I got the following list in
"suid.txt":
---begin suid.txt:
-rwsr-xr-x 1 root root 19708 Aug 29 1999 /bin/login*
-rwsr-xr-x 1 root root 14888 Aug 15 1999 /bin/su*
---s--s--x 1 lists lists 24512 Aug 17 1999 /etc/smrsh/list*
-rwsr-xr-x 1 root root 12476 Sep 15 1999 /sbin/cardctl*
-r-sr-xr-x 1 root root 11432 Jul 7 1999 /sbin/pwdb_chkpwd*
-rws--x--x 1 root root 5128 Sep 6 1999 /usr/X11R6/bin/Xwrapper*
-rwsr-xr-x 1 root root 795 Aug 12 1999 /usr/X11R6/bin/imwheel-solo*
-rwsr-xr-x 1 root root 33004 Jun 22 1999 /usr/bin/at*
-rwsr-xr-x 1 root root 27336 May 1 1999 /usr/bin/crontab*
-r-sr-sr-x 1 uucp uucp 127396 Aug 17 1999 /usr/bin/cu*
-rwsr-xr-x 1 root root 4998 Aug 8 1999 /usr/bin/disable-paste*
-rwsr-xr-x 1 root root 901480 Jul 14 1999 /usr/bin/dos*
-rwsr-xr-x 1 root root 5264 Sep 16 1999 /usr/bin/konsole_grantpty*
-rwsr-sr-x 1 root root 481876 Sep 13 1999 /usr/bin/kppp*
-r-sr-sr-x 1 root lp 15664 Jul 20 1999 /usr/bin/lpq*
-r-sr-sr-x 1 root lp 15496 Jul 20 1999 /usr/bin/lpr*
-r-sr-sr-x 1 root lp 16124 Jul 20 1999 /usr/bin/lprm*
-r-sr-xr-x 1 root bin 58306 Apr 12 1999 /usr/bin/passwd*
-rwsr-sr-x 1 root mail 68808 Apr 12 1999 /usr/bin/procmail*
-rwsr-xr-x 1 root root 14672 May 2 1999 /usr/bin/rcp*
-rwsr-xr-x 1 root root 10448 May 2 1999 /usr/bin/rlogin*
-rwsr-xr-x 1 root root 7776 May 2 1999 /usr/bin/rsh*
-rws--x--x 2 root root 525828 Jul 12 1999 /usr/bin/sperl5.00503*
-rws--x--x 2 root root 525828 Jul 12 1999 /usr/bin/suidperl*
-r-sr-xr-x 1 uucp uucp 91900 Aug 17 1999 /usr/bin/uucp*
-r-sr-sr-x 1 uucp uucp 38412 Aug 17 1999 /usr/bin/uuname*
-r-sr-xr-x 1 uucp uucp 100212 Aug 17 1999 /usr/bin/uustat*
-r-sr-xr-x 1 uucp uucp 92348 Aug 17 1999 /usr/bin/uux*
-rwsr-xr-x 1 root root 13756 May 18 1999 /usr/bin/vboxbeep*
-rwsr-xr-x 1 root root 14788 May 18 1999 /usr/bin/xmonisdn*
-rwsr-xr-x 1 root root 9295 Sep 9 1999 /usr/libexec/pt_chown*
-rwsr-xr-x 1 root root 8840 Aug 21 1999 /usr/sbin/gnome-pty-helper*
-rwsr-sr-x 1 root root 324380 Jul 8 1999 /usr/sbin/sendmail*
-rwsr-xr-x 1 root root 10084 May 5 1999 /usr/sbin/userhelper*
-r-sr-sr-x 1 uucp uucp 224432 Aug 17 1999 /usr/sbin/uucico*
-r-sr-sr-x 1 uucp uucp 102156 Aug 17 1999 /usr/sbin/uuxqt*
---end suid.txt
So I edited this list to create a little script to run "chmod a-s" on each
of the files in this list. Then I made the list executable, and ran it.
Wallah! But when I tried to run kppp to dial out, I was informed it does
not have SUID capability. So I did a "chmod a+s /usr/bin/kppp", and all
was okay again.
>> After making all the changes laid out in his essay, I reboot (using the
>> reboot option in the KDE log-out box), only to get this screen report:
>Unfortunately, adding security to a laxly-designed system not only is
>inconvenient but also tends to break things. I hope you kept a good
>record of what you did, so you can reverse some or all of it until you
>can determine what in your (Mandrake?) distribution depends on bad
>security settings.
>It might very well be some binary your system is designed to have SUID
>root.
Since the screen halted after this error line:
INIT: cannot execute "/etc/rc.d/rc"
I figure that maybe file "rc" was supposed to be executable. Though no
instructions for securing this file were mentioned, perhaps I had done a
"chmod -x" on this file inadvertently. (I might have confused that file
for "rc.local", which was intentionally tampered with.) So I ran "chmod +x
/etc/rc.d/rc", and now, the system shuts down and reboots correctly...no
more annoying "fsck" each time I boot up.
I discovered that, after securing my system a la Chris Stoddard,
<http://www.linuxgazette.com/issue55/stoddard.html>, I no longer can
run as super user, while regular user. But this is easily overcome by
switching to another console, and logging in as root. But doesn't this
make me vulnerable again, as long as I have a console running in root,
while connected to the Internet (or any network)? So I should only do this
while not connected, eh? (Oh, I am so clever!)
Now, I still need to further secure my ports, as testing them on
Shields-UP! site, <https://grc.com/>, revealed them to all be closed.
Which is very good, but not good enough. Ideally, the ports should all
list as "stealth". So I continue my studies, very happy to have gotten
through step one of Security 101...with much thanks to your direction.
And now, to proceed once more with this ssh thingie, now that I have
downloaded the correct files. Stay tuned!
=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS.
A billion communists can't be wrong!
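
The strip-then-restore step described in the message above, as an added example that is not part of the original post: it logs each file's mode before running "chmod a-s", so a change that breaks something (as with kppp) can be reversed from the log. The function names, the log format and the allowlist argument are assumptions of this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example; not part of the original thread. Assumes GNU stat (-c).

# strip_setid ROOT LOG [KEEP_PATH...]
# Log "mode<TAB>path" for every SUID/SGID regular file under ROOT, then run
# "chmod a-s" on each one that is not listed in KEEP_PATH.
strip_setid() {
    root=$1 log=$2
    shift 2
    keep=" $* "          # allowlist, space-delimited (paths without spaces)
    : > "$log"
    # find hands paths straight to the loop: no backtick substitution, so a
    # mistyped quote or an empty match cannot hand ls a broken argument list.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(stat -c %a "$f")" "$f" >> "$log"
        case "$keep" in
            *" $f "*) ;;                 # still needs the bit (kppp in the post)
            *) chmod a-s "$f" ;;
        esac
    done
}

# restore_setid LOG
# Reapply the recorded mode to each logged path that is still a regular file.
restore_setid() {
    tab=$(printf '\t')
    while IFS=$tab read -r mode f; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            chmod "$mode" "$f"
        fi
    done < "$1"
}

# Command-line use: sh setid.sh ROOT LOG [KEEP_PATH...]
if [ "$#" -ge 2 ]; then
    strip_setid "$@"
fi
```

The log is line-oriented, so paths containing newlines are not handled; keep the log file outside ROOT and readable only by root.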