[SATLUG] Quiz time!
Curt Bryson (GMail)
curt.bryson at gmail.com
Wed Jul 18 18:38:18 CDT 2007
setuid root is a potential security vulnerability - assuming no other
mitigations are in effect - in that if you can execute code either
within or with them, that action (or the actions called) would be
performed as root, having god privelege.
On Wed, 2007-07-18 at 17:44 -0500, Thomas King wrote:
> > Thomas King wrote:
> >> What will the command ‘ find / -perm –4000 –user root’ do?
> >
> > Find all setuid files and directories that are owned by root, including
> > root and all subdirectories. By setting 0 for user, group, and all, you
> > ignore those permissions, focusing only on the setuid permission.
> >
> > If you were to choose -perm -4700 -user root, then you would get only
> > executable, writable, readable files and directories owned by root.
> >
> > Yay permissions!
>
> We have a winnah!!
>
> Part 2: Why would it be important to know what files owned by root has the SUID
> set?
More information about the SATLUG
mailing list