Re: High ranking lusers

From: Paul D. Robertson (probertsat_private)
Date: Thu Apr 16 1998 - 06:15:40 PDT


    On 16 Apr 1998, Anonymous wrote:
    
    > true, recent and sad
    > 
    > 
    > Little Boss:  The Big Boss wants a shell script to be setuid root.
    > 
    > Me:  Why ? [Thinks: Gotta get an alternative to that!
    >             He's probably only just heard of setuid bits.]
    > 
    > LB: He wants his scripts to use ftp, and ftp can only be run by root,
    >            (because security dept believe in client-side access control)
    >     and he already has a shell script wrapper to call ftp for some reason,
    >     so now he wants it to be setuid root.
    > 
    > Me: There are loads of problems with setuid scripts.
    >     [Any introductory book says so.  How can I be diplomatic about this?
    >      So is the boss happier to keep the letter of the S.D. law, while
    >      breaking the spirit?  Can we get this user added as 'can also ftp'?
    >      Why don't they leave things alone until they have time to install
    >      a good transfer program with OTP or better?]
    > 
    > 
    > LB: He wants it soon, and he's going to call it 'secure_ftp'.
    > 
    > Me: <silence>  [What excuse would Dilbert invent?]
    
    Choice 1:
    
    mkuser route;chown route script_wrapper;chmod u+s script_wrapper
    
    "Ok, it's setuid route" <pronounced like Root>
    
    Choice 2:
    
    Articulate the risks and ask if they're sure they reallyreally want to 
    add a potential compromise point of such magnitude.  Most managers are 
    loath to make such a request, especially in writing.  I generally try to 
    articulate the risks to the initiator of the request.  They're not always 
    happy, but once they understand the bigger picture, most of them decide 
    that the alternative I usually provide is a much better answer.
    
    Choice 3:
    
    Make sure that the script calls a "controlled client" if that meets the 
    policy.
    
    Choice 4: 
    
    Find out what he wants his scripts to do, then see if there's a better 
    alternative from a functionality and security standpoint.
    
    Choice 5:
    
    Make the security department handle the whole thing.  They should be able 
    to do one of the above.
    
    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson      "My statements in this message are personal opinions
    probertsat_private      which may have no basis whatsoever in fact."
                                                                         PSB#9280
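The thread's underlying risk is a shell script that carries the setuid bit. The following audit helper is an added example, not code from either poster: it walks a directory tree and reports regular files that both have the setuid bit set and begin with a "#!" interpreter line, which is exactly the kind of file a "secure_ftp" wrapper would become. The function names, the sample tree and the file contents in it are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): find setuid interpreter
# scripts under a directory. Function names are assumptions for this example.

# Print every regular file under $1 that has the setuid bit set and starts
# with a "#!" shebang, i.e. a script that would run as its owner on systems
# that honour setuid on scripts.
find_setuid_scripts() {
    dir="$1"
    # -perm -4000 matches files with the setuid bit; -type f skips directories.
    find "$dir" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        # The first two bytes identify an interpreter script.
        if [ "$(head -c 2 "$f" 2>/dev/null)" = "#!" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Exit status 0 if the tree under $1 contains at least one setuid script.
has_setuid_scripts() {
    [ -n "$(find_setuid_scripts "$1")" ]
}

# Build a constructed sample tree so the check can be exercised offline:
# one setuid script (should be flagged), one ordinary script (not setuid)
# and one setuid file that is not a script (no shebang).
make_sample_tree() {
    d=$(mktemp -d)
    printf '#!/bin/sh\nexec ftp "$@"\n' > "$d/secure_ftp"
    chmod 4755 "$d/secure_ftp"
    printf '#!/bin/sh\necho ok\n' > "$d/plain_script"
    chmod 0755 "$d/plain_script"
    printf 'not a script, just bytes\n' > "$d/setuid_bin"
    chmod 4755 "$d/setuid_bin"
    printf '%s\n' "$d"
}

# Usage: sh audit_setuid_scripts.sh --demo   (runs against the sample tree)
#        . ./audit_setuid_scripts.sh; find_setuid_scripts /usr/local/bin
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    find_setuid_scripts "$tree"
    rm -rf "$tree"
fi
```

Running the demo prints only the constructed `secure_ftp` path; the setuid non-script and the non-setuid script are left out. Note that the Linux kernel ignores the setuid bit on `#!` scripts entirely, so on Linux such a wrapper silently runs as the caller and "works" only until someone moves it to a Unix that honours the bit; the audit is still useful because the bit documents the intent to escalate.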
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:11 PDT