How to Shutdown SUID and SGID Doors for better security


If you are an administrator or a security specialist, you should know your system inside and out. You already know that one of the potential security problems is SUID or SGID bits. You have to clear these bits for all programs that you are not using. But how can you find programs that have these bits set? Use the following command:

find / \( -perm -02000 -o -perm -04000 \) -ls
This command finds all files whose permissions include 02000 (the SGID bit) or 04000 (the SUID bit). The following is an example of the command's output:

130337  64 -rwsr-xr-x   1 root root   60104  Jul  29 2002 /bin/mount
130338  32 -rwsr-xr-x   1 root root   30664  Jul  29 2002 /bin/umount
130341  36 -rwsr-xr-x   1 root root   35040  Jul  19 2002 /bin/ping
130365  20 -rwsr-xr-x   1 root root   19072  Jul  10 2002 /bin/su
What makes this list dangerous from a security standpoint is that every program in it is owned by root and has the SUID bit set (the s in -rwsr-xr-x), so it runs with root privileges no matter which user or group member executes it. There are programs with SUID and SGID bits set that belong to other users in the system, but most are owned by root.

If you do not use a program, either delete it or clear the bits. If you think that there are no unnecessary programs in your system, think again. Perhaps there is something you can do without. For example, if a program is not a must for a server, its SUID bit can be cleared.
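
One way to act on this advice, as an added example that is not part of the original post: shell functions that list the SUID/SGID files missing from an allowlist of programs you actually need, and clear the bits on the ones you decide to drop. The function names, the allowlist file and the sample file names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit SUID/SGID files against an allowlist.

# audit_setid ROOT ALLOWLIST
# Prints one path per line for every regular file under ROOT that has the
# SGID (02000) or SUID (04000) bit set and is not listed in ALLOWLIST
# (one absolute path per line). Paths containing newlines are not handled.
audit_setid() {
    root=$1 allow=$2
    find "$root" -xdev -type f \( -perm -02000 -o -perm -04000 \) 2>/dev/null |
    while IFS= read -r path; do
        # Exact, whole-line match so /bin/su does not also allow /bin/sudo.
        grep -Fxq -- "$path" "$allow" || printf '%s\n' "$path"
    done
}

# clear_setid FILE...
# Clears both bits and leaves every other permission bit unchanged.
clear_setid() {
    chmod u-s,g-s -- "$@"
}

# make_sample_tree
# Builds a constructed directory for a dry run and prints its path.
# The file names are hypothetical stand-ins, not real system binaries.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    for f in mount ping oldtool plain; do
        printf '#!/bin/sh\n' > "$dir/$f"
    done
    chmod 4755 "$dir/mount" "$dir/ping" "$dir/oldtool"   # SUID set
    chmod 0755 "$dir/plain"                              # no special bits
    # Programs we decided to keep as SUID.
    printf '%s\n' "$dir/mount" "$dir/ping" > "$dir/allowlist"
    printf '%s\n' "$dir"
}
```

On a real system, point audit_setid at / with an allowlist you have reviewed, and run clear_setid as root only on the paths you have decided you can do without.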

I can surely say that this can enhance the security of the Linux box.

Anyways, I guess you like the post. Enjoy hacking, enjoy HAckton.


Any comments or suggestions are always welcome. You can be in direct touch with me at shubham@hackplanet.in.


