[buug] Problems installing open-ssh

Zeke Krahlin zk_lists at yahoo.com
Wed Jul 26 00:24:28 PDT 2000


Okay, I have resolved the recent glitches, thanks to your suggestions,
Rick. Read on:

--- Rick Moen <rick at linuxmafia.com> wrote:
>> Under the section "SUID Programs",  when I run this command:
>> 
>>       ls -alF `find / -perm -4000` > /root/suid.txt
>> 
>> I get a failed result:
>> 
>>       Try 'ls --help' for more information.

>Possibly, you're using the wrong quote character?  I see nothing 
>wrong with the syntax as quoted.

Turns out this single quote mark was really the accent character...the one
usually on the same key with the tilde (in upper left corner right below
the [esc] key). That did the trick, and I got the following list in
"suid.txt":

---begin suid.txt:

-rwsr-xr-x    1 root     root        19708 Aug 29  1999 /bin/login*
-rwsr-xr-x    1 root     root        14888 Aug 15  1999 /bin/su*
---s--s--x    1 lists    lists       24512 Aug 17  1999 /etc/smrsh/list*
-rwsr-xr-x    1 root     root        12476 Sep 15  1999 /sbin/cardctl*
-r-sr-xr-x    1 root     root        11432 Jul  7  1999 /sbin/pwdb_chkpwd*
-rws--x--x    1 root     root         5128 Sep  6  1999 /usr/X11R6/bin/Xwrapper*
-rwsr-xr-x    1 root     root          795 Aug 12  1999 /usr/X11R6/bin/imwheel-solo*
-rwsr-xr-x    1 root     root        33004 Jun 22  1999 /usr/bin/at*
-rwsr-xr-x    1 root     root        27336 May  1  1999 /usr/bin/crontab*
-r-sr-sr-x    1 uucp     uucp       127396 Aug 17  1999 /usr/bin/cu*
-rwsr-xr-x    1 root     root         4998 Aug  8  1999 /usr/bin/disable-paste*
-rwsr-xr-x    1 root     root       901480 Jul 14  1999 /usr/bin/dos*
-rwsr-xr-x    1 root     root         5264 Sep 16  1999 /usr/bin/konsole_grantpty*
-rwsr-sr-x    1 root     root       481876 Sep 13  1999 /usr/bin/kppp*
-r-sr-sr-x    1 root     lp          15664 Jul 20  1999 /usr/bin/lpq*
-r-sr-sr-x    1 root     lp          15496 Jul 20  1999 /usr/bin/lpr*
-r-sr-sr-x    1 root     lp          16124 Jul 20  1999 /usr/bin/lprm*
-r-sr-xr-x    1 root     bin         58306 Apr 12  1999 /usr/bin/passwd*
-rwsr-sr-x    1 root     mail        68808 Apr 12  1999 /usr/bin/procmail*
-rwsr-xr-x    1 root     root        14672 May  2  1999 /usr/bin/rcp*
-rwsr-xr-x    1 root     root        10448 May  2  1999 /usr/bin/rlogin*
-rwsr-xr-x    1 root     root         7776 May  2  1999 /usr/bin/rsh*
-rws--x--x    2 root     root       525828 Jul 12  1999 /usr/bin/sperl5.00503*
-rws--x--x    2 root     root       525828 Jul 12  1999 /usr/bin/suidperl*
-r-sr-xr-x    1 uucp     uucp        91900 Aug 17  1999 /usr/bin/uucp*
-r-sr-sr-x    1 uucp     uucp        38412 Aug 17  1999 /usr/bin/uuname*
-r-sr-xr-x    1 uucp     uucp       100212 Aug 17  1999 /usr/bin/uustat*
-r-sr-xr-x    1 uucp     uucp        92348 Aug 17  1999 /usr/bin/uux*
-rwsr-xr-x    1 root     root        13756 May 18  1999 /usr/bin/vboxbeep*
-rwsr-xr-x    1 root     root        14788 May 18  1999 /usr/bin/xmonisdn*
-rwsr-xr-x    1 root     root         9295 Sep  9  1999 /usr/libexec/pt_chown*
-rwsr-xr-x    1 root     root         8840 Aug 21  1999 /usr/sbin/gnome-pty-helper*
-rwsr-sr-x    1 root     root       324380 Jul  8  1999 /usr/sbin/sendmail*
-rwsr-xr-x    1 root     root        10084 May  5  1999 /usr/sbin/userhelper*
-r-sr-sr-x    1 uucp     uucp       224432 Aug 17  1999 /usr/sbin/uucico*
-r-sr-sr-x    1 uucp     uucp       102156 Aug 17  1999 /usr/sbin/uuxqt*

---end suid.txt

So I edited this list to create a little script to run "chmod a-s" on each
of the files in this list. Then I made the list executable, and ran it.
Voilà! But when I tried to run kppp to dial out, I was informed it does
not have SUID capability. So I did a "chmod a+s /usr/bin/kppp", and all
was okay again.

>> After making all the changes laid out in his essay, I reboot (using the
>> reboot option in the KDE log-out box), only to get this screen report:

>Unfortunately, adding security to a laxly designed system not only is 
>inconvenient but also tends to break things.  I hope you kept a good
>record of what you did, so you can reverse some or all of it until you
>can determine what in your (Mandrake?) distribution depends on bad
>security settings.

>It might very well be some binary your system is designed to have SUID
>root.

Since the screen halted after this error line:

	INIT: cannot execute "/etc/rc.d/rc" 

I figure that maybe file "rc" was supposed to be executable. Though no
instructions for securing this file were mentioned, perhaps I had done a
"chmod -x" on this file inadvertently. (I might have confused that file
for "rc.local", which was intentionally tampered with.) So I ran "chmod +x
/etc/rc.d/rc", and now, the system shuts down and reboots correctly...no
more annoying "fsck" each time I boot up.

I discovered, after securing my system a la Chris Stoddard,
<http://www.linuxgazette.com/issue55/stoddard.html>, that I no longer can
run as super user, while regular user. But this is easily overcome by
switching to another console, and logging in as root. But doesn't this
make me vulnerable again, as long as I have a console running in root,
while connected to the Internet (or any network)? So I should only do this
while not connected, eh? (Oh, I am so clever!)

Now, I still need to further secure my ports, as testing them on
Shields-UP! site, <https://grc.com/>, revealed them to all be closed.
Which is very good, but not good enough. Ideally, the ports should all
list as "stealth". So I continue my studies, very happy to have gotten
through step one of Security 101...with much thanks to your direction.

And now, to proceed once more with this ssh thingie, now that I have
downloaded the correct files. Stay tuned!


=====
Zeke Krahlin
zk_lists at yahoo.com
---
Linux: the people's OS.
A billion communists can't be wrong!
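
The SUID clean-up described in this message, as an added example that is not part of the original post: it lists setuid files without backticks, skips a keep-list, and logs an undo command before each change. The function names, the keep-list and undo-log files, and the sandbox contents are constructed for illustration; GNU find and GNU stat are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU find and GNU stat.

# list_suid DIR: print every setuid regular file under DIR, one per line.
# Reading find's output line by line avoids the backtick form, where an
# empty or mistyped substitution leaves "ls" with a broken argument list.
list_suid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# strip_suid DIR KEEPFILE UNDOLOG: clear the setuid bit on every file found
# under DIR unless its exact path is listed in KEEPFILE. Before each change,
# append the chmod that restores the old mode to UNDOLOG.
# (Paths containing newlines or single quotes are not handled.)
strip_suid() {
    list_suid "$1" | while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" && continue       # on the keep-list: leave it
        mode=$(stat -c '%a' "$f") || continue     # octal mode, e.g. 4755
        printf "chmod %s '%s'\n" "$mode" "$f" >> "$3"
        chmod u-s "$f"
    done
}

# demo: constructed sandbox standing in for a real filesystem.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    for n in kppp rcp rsh; do : > "$d/bin/$n"; chmod 4755 "$d/bin/$n"; done
    : > "$d/bin/ls"; chmod 755 "$d/bin/ls"
    printf '%s\n' "$d/bin/kppp" > "$d/keep.txt"   # kppp needs SUID to dial out
    strip_suid "$d/bin" "$d/keep.txt" "$d/undo.sh"
    list_suid "$d/bin" | sed "s|^$d||"            # what is still setuid
    sed "s|$d||" "$d/undo.sh"                     # how to reverse each change
    rm -rf "$d"
}

demo
```

Running the undo log with `sh` restores the recorded modes, which covers the case where a stripped binary turns out to need the bit.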
