SUID /usr/bin/rsh on Stable 4.8 after installworld
Jim
waif at ntropolis.com
Sun Oct 26 06:10:18 PST 2003
I am very new to FreeBSD, so I know there is a simple answer to this:
I have installed FreeBSD 4.8 Stable on a machine. The installation always
runs like silk. I then begin locking down some of the machine's conf files,
shut down unecessary daemons, etc. This includes setting permissions on
unused suid/sgid binaries to 000. This process always works fine, and even
after reboot, the binaries I have reduced permissions on stay reduced.
At some point in this process however, I get to cvsup, buildworld, and
installworld. This process re-enables the old permissions on the files I so
diligently locked down. I would expect there is a flag or include/exclude
file somewhere I need to lookup to prevent cvsup from doing this in the
first place, but like I said, I'm new.
The problem I need help with though, is the fact that I cannot chmod 000
certain binaries after this process (for example: /usr/bin/rsh,
/usr/bin/yppasswd, /usr/bin/ypchfn, etc.). The following occurs:
# chmod 000 /usr/bin/rsh
chmod: /usr/bin/rsh: Operation not permitted
A listing of the file:
# ll /usr/bin/rsh
-r-sr-xr-x 1 root wheel 7980 Oct 26 07:36 /usr/bin/rsh
I am logged in as root on the console. My cvs-supfile is very basic:
*default host=cvsup8.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default compress
src-all tag=RELENG_4_8
ports-all tag=.
What changes during installworld that prevents me from shutting these down
again?
If anyone needs more information, just let me know what you're looking for.
Jim
More information about the freebsd-questions
mailing list