VID | 14116 |
Severity | 40 |
Port | 22 |
Protocol | TCP |
Class | LSC |
Detailed Description |
A file with the Set User-ID (SUID) or Set Group-ID (SGID) attribute set, especially one owned by root, can be abused by executing specific commands to acquire root privileges or to disrupt normal service, so these files must be managed carefully. For root-owned files, remove the SUID and SGID attributes from all but the files that need them, and audit periodically for files on which the attributes have been set in error and pose a security threat.
* Affected platforms: UNIX, Linux |
Recommendation |
You can remove SUID and SGID attributes as follows.
1. How to remove
   # chmod -s <file_name>
2. Periodic auditing methods
   # find / -xdev -user root -type f \( -perm -04000 -o -perm -02000 \) -exec ls -al {} \;
3. How to restrict use to specific groups only when necessary
   Restrict setuid use so that only members of a specific group, not general users, can run the file
   # /usr/bin/chgrp <group_name> <setuid_file_name>
   # /usr/bin/chmod 4750 <setuid_file_name> |
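The periodic audit in step 2 is easier to act on when its output is compared against a list of files that are expected to carry the bits. The script below is an added example, not part of the original advisory; the function name audit_setid, its arguments and the allowlist format (one absolute path per line, lines starting with # ignored) are assumptions.

```shell
#!/bin/sh
# Added example: report SUID/SGID files that are not on an approved list.
# Assumed allowlist format: one absolute path per line; "#" lines are comments.
# Paths containing newlines are not handled.

# audit_setid ROOT ALLOWLIST [OWNER]
#   ROOT       directory to scan (stays on one filesystem, like -xdev above)
#   ALLOWLIST  file listing the paths that may keep SUID/SGID
#   OWNER      file owner to audit (name or numeric id), default root
# Prints "ls -ld" output for every unexpected file.
# Returns 0 if none were found, 1 if at least one was, 2 on setup failure.
audit_setid() {
    scan_root=$1
    allowlist=$2
    owner=${3:-root}
    unexpected=0

    [ -r "$allowlist" ] || return 2
    hits=$(mktemp) || return 2

    # Same test as the audit command in step 2: regular files owned by
    # OWNER with the SUID (04000) or SGID (02000) bit set.
    find "$scan_root" -xdev -user "$owner" -type f \
        \( -perm -04000 -o -perm -02000 \) -print > "$hits" 2>/dev/null

    while IFS= read -r path; do
        # -F fixed string, -x whole line: a path is approved only on an
        # exact match. Comment lines never equal an absolute path.
        if ! grep -Fxq -- "$path" "$allowlist"; then
            ls -ld -- "$path"
            unexpected=1
        fi
    done < "$hits"

    rm -f "$hits"
    return "$unexpected"
}

# Usage (the allowlist path is a hypothetical placeholder):
#   audit_setid / /etc/setid.allow || echo "unexpected SUID/SGID files found"
```

Each file the audit reports is then either added to the allowlist after review or handled with steps 1 and 3.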
Related URL | (CVE) |
Related URL | (SecurityFocus) |
Related URL | (ISS) |