1. proposed script to find/change SUID/SGID files: does one exist?
I'm pondering the idea of using Perl to make a script to make it
easier to find and "fix" apps on RPM-based Linux systems with
SUID/SGID bits that can be removed. The basic idea is
- it would be interactive
- it would use 'find' to get a list of files with suid/sgid bits
- initially, for each file, it would give some information from
stat(), and if the filename contains no odd chars and you have RPM
installed, it would tell you what package it came from, and show
information about the package if you'd like.
- it would prompt you for one of three choices: (R)emove the
suid/sgid bit[s], (A)llow the bit, (D)efer decision, where R and A
cause the script to log your choice so next time it runs it will
"remember" what you decided
- this "decision log" would contain a list of full paths, decisions,
and some sort of integrity-checking data, e.g. filesize, ctime, mtime,
and md5sum, as well as initial mode and time of decision
- an "activity log" would contain information from each run of the
script, and would be more readable to make it easy to see what changes
- subsequent runs would use the existing decision log to guide their
behavior. You'd be able to run in "quiet" mode where it would not even
mention apps previously decided on (though it would prompt for "D"
deferrals), unless the size/sum/mtime/ctime had changed. Also you
could use "verbose" mode to review and reconsider previous decisions;
this would probably include a re(V)ert choice in case you decide that
an app needs its initial mode restored.
Does anyone know of such an app? Does this sound useful?
Followups to comp.os.linux.security. Those responding via email
(thanks!) be sure to remove the spam-bait in my From: address.
 I supposed this could be abstracted somewhat to also use other
package systems that allow "what package is this in" queries, e.g.
Debian's dpkg tool.
 Possibly also Unix systems and other Unix-like OS'es, too.
2. XFree86 Configuration Problem( with Stealth 64 Graphics 2001 )
3. What does suid and sgid mean for a directory??
4. Problem with sigacton struct in Sun/Solaris C++
5. [Fwd: Re: SUID, SGID]
6. Sol 2.5 NIS Server & 2.4 NIS Client?
7. Limiting Execution of SUID/SGID Binaries
8. Q: From Field is missing (dtmail, 2.6)
9. SUID, SGID
10. FDs 0, 1, 2 for SUID/SGID programs
11. Suid/sgid shell scripts
12. What dirs are "unsafe" for suid/sgid
13. SUID, SGID, sticky bit, su & chmod questions