Setuid
625
Comment: Adding mtr. It looks good.
|
805
Added mount
|
Deletions are marked like this. | Additions are marked like this. |
Line 4: | Line 4: |
|| iputils || /bin/ping, /bin/ping6, /bin/arping || yes || possible || UNKNOWN || || | || iputils || /bin/ping, /bin/ping6, /bin/arping, /usr/bin/traceroute6.iputils || yes || possible || UNKNOWN || || |
Line 7: | Line 7: |
|| util-linux || /bin/mount, /bin/umount || needed || no || n/a || Checks: if (getuid () != geteuid ()). Should check for CAP_SYS_ADMIN capability|| |
This is a list of setuid applications that need investigation. See the [https://lists.ubuntu.com/archives/ubuntu-hardened/2007-October/000217.html mailinglist post] about this for more information.
Source Package Name |
setuid Files |
De-rooted |
Capabilities |
Changes Sent Upstream |
Comments |
iputils |
/bin/ping, /bin/ping6, /bin/arping, /usr/bin/traceroute6.iputils |
yes |
possible |
UNKNOWN |
|
fping |
/bin/fping |
needed |
|
no |
Checks: if ( geteuid() ) {... exit(3); Will patch and send upstream -JeffSchroeder |
mtr |
/usr/bin/mtr |
yes |
possible |
n/a |
n/a |
util-linux |
/bin/mount, /bin/umount |
needed |
no |
n/a |
Checks: if (getuid () != geteuid ()). Should check for CAP_SYS_ADMIN capability |
Security/Investigation/Setuid (last edited 2013-07-23 07:07:01 by 74)