Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Guidelines for Running a Secure System
Guidelines for Handling Setuid and Setgid Programs
Because setuid and setgid programs pose a great security liability to
your system, note which programs are setuid and setgid, and:
• Stay vigilant for any changes to them.
• Investigate further any programs that appear to be needlessly setuid.
• Change the permission of any unnecessarily setuid program to setgid.
The long form of the ls command (ll or ls -l) shows setuid programs
by listing S or s instead of - or x for the owner-execute permission. It
shows setgid programs by listing S or s instead of - or x for the
group-execute permission.
You can expect to find setuid and setgid system files, but they should
have the same permissions as provided by the factory media, unless you
have customized them.
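The following script is an added example, not part of the HP-UX guide. It reads the s/S markers described above and compares a current list of setuid and setgid files against a saved baseline. The function names are hypothetical, and it assumes POSIX sh, find, ls and awk, and file names without whitespace.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide). Assumes POSIX sh, find, ls, awk
# and file names without whitespace.

# classify_mode MODE: interpret the mode column of `ls -l`, e.g. -rwsr-xr-x.
# Character 4 is owner-execute and character 7 is group-execute; s means the
# bit is set together with execute permission, S means it is set without it.
classify_mode() {
    owner_x=$(printf '%s' "$1" | cut -c4)
    group_x=$(printf '%s' "$1" | cut -c7)
    result=""
    case $owner_x in s|S) result="setuid" ;; esac
    case $group_x in s|S) result="${result:+$result,}setgid" ;; esac
    printf '%s\n' "${result:-none}"
}

# snapshot DIR: print "mode owner group path" for every setuid or setgid
# regular file under DIR, sorted by path. Save the output as the baseline.
snapshot() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \; \
        2>/dev/null | awk '{ print $1, $3, $4, $NF }' | sort -k4
}

# report_changes BASELINE CURRENT: compare two snapshot files by path.
# Prints NEW, CHANGED and GONE lines; returns 1 if anything differs.
report_changes() {
    awk '
        !cur { base[$4] = $1 " " $2 " " $3; next }   # first file: baseline
        { now = $1 " " $2 " " $3; seen[$4] = 1
          if (!($4 in base)) { print "NEW", $4, now; rc = 1 }
          else if (base[$4] != now) {
              print "CHANGED", $4, base[$4], "->", now; rc = 1 } }
        END { for (p in base) if (!(p in seen)) { print "GONE", p; rc = 1 }
              exit rc + 0 }
    ' "$1" cur=1 "$2"
}

# Usage: sh this-script DIR BASELINE-FILE
if [ "$#" -eq 2 ]; then
    snapshot "$1" | report_changes "$2" -
fi
```

Keep the baseline file where ordinary users cannot write to it, so that a changed program cannot be hidden by editing the baseline.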
Users normally should not have setuid programs, especially setuid to
users other than themselves.
Examine the code of all programs imported from external sources for
destructive programs known as “Trojan Horses.” Never restore a setuid
program for which you have no source to examine.
To allow users access to certain superuser programs, we recommend that
you use Restricted SAM. Restricted SAM allows nonsuperusers to access
particular areas of SAM. The area of SAM allowed is defined in
/etc/sam/custom/login-name.cf for a user, where login-name is the
user’s login name. See sam(1M) for details.
Why Setuid and Setgid Programs Can Be Risky
Whenever any program is executed, it creates a process with four ID
numbers — real and effective user ID (ruid and euid) and real and
effective group ID (rgid and egid). Typically, these ID pairs are identical.