On Thu, 27 Jul 2000, Martin Macok wrote:
> Hi,
> I believe having fewer root setuid binaries on the system is The Way ...
> so:
>
> Why does RH6.2 ship with /sbin/dump & /sbin/restore root setuid? These
> are for sysadmins, not for regular users I hope.
Agreed. System backup should always be done only by root, all other ways
try miserably. Remember BRU?
> Is /sbin/unix_chkpwd really used and what is it used for? I haven't found
> anything about it in pam documentation.
It allows PAM modules (after some sanity checks - use the source, Luke!)
to access /etc/shadow without further need for uid==0.
> Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does
> anybody really use them on Linux? Maybe these should be extras ... (maybe
> they are needed by POSIX or something similar).
Feel free to delete them if you don't like them. But otherwise yes, there
are users who use them.
> What is /usr/bin/sperl5.00503 (suidperl) being used for? Why doesn't this
> have a manpage? Is it necessary?
It is necessary for perl to be able to properly execute scripts with suid
bit set. Again: if you don't need that, feel free to delete suidperl.
> According to glibc documentation /usr/libexec/pt_chown doesn't need to be
> setuid nor is it used at all on RH6.2 (see /usr/doc/glibc-2.1.3/INSTALL),
> why does RH6.2 ship it setuid root?
/usr/libexec/pt_chown is being used for example by my favorite xterm
clone, gnome-terminal. Every xterm-alike application needs to chown your
tty. I think that doing it via a small wrapper (pt_chown) is a much better
way than giving suid bit to that whole application.
> Does /sbin/netreport need root setgid bit? I could not find it being used
> somewhere by regular users for any good reasons ...
I don't know what /sbin/netreport is being used for, but anyway: sgid root
is harmless. Which doesn't mean that gid==0 should be available for
free, of course.
> Have a nice day
2U2 :)
Leos Bitto
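
An added example, not part of the original thread: a small Python inventory of setuid/setgid files, of the kind this exchange reviews by hand, checked against an allowlist of binaries the administrator has decided to keep. The function names, the sample tree and the allowlist are assumptions made for illustration.

```python
import os
import stat
import tempfile

def find_privileged(root):
    """Return sorted (path, kinds, uid, gid) for regular files under root
    that carry the setuid and/or setgid bit."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            kinds = [label for bit, label in
                     ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
                     if st.st_mode & bit]
            if kinds:
                found.append((path, kinds, st.st_uid, st.st_gid))
    return sorted(found)

def unexpected(found, allowlist):
    """Entries whose path the administrator has not decided to keep."""
    return [entry for entry in found if entry[0] not in allowlist]

def build_sample_tree(base):
    """Constructed sample tree: two setuid files and one plain file."""
    modes = {"pt_chown": 0o4755, "suidperl": 0o4755, "ls": 0o755}
    paths = {}
    for name, mode in modes.items():
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)  # set the mode after writing; a write clears setuid
        paths[name] = path
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        paths = build_sample_tree(base)
        keep = {paths["pt_chown"]}  # assumed local policy, not a recommendation
        for path, kinds, uid, gid in unexpected(find_privileged(base), keep):
            print(f"{'+'.join(kinds)} uid={uid} gid={gid} {path}")
```

On a real system, run `find_privileged("/")` as root so that unreadable directories are not silently skipped, and review the uid and gid columns to see which entries are actually owned by root.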