27 Apr
2018
27 Apr
'18
8:14 p.m.
On Sat, 28 Apr 2018, Dave Horsfall wrote:
On Wed, 25 Apr 2018, Noel Chiappa wrote:
Debian 9:
nicci@jesustheasus:~$ ls -l $(which ps)
-rwxr-xr-x 1 root root 129336 Nov 22 2016 /bin/ps
Debian 8 kFreeBSD:
[usotsuki@licca ~]$ ls -l $(which ps)
-rwxr-xr-x 1 root root 93088 Mar 6 2015 /bin/ps
-uso.
On early PDP-11 Unixes, 'rm' is an
ordinary program, and 'rmdir' is
setuid-root, since it has to do special magic (writing into directory
files, etc). Given that, it made sense to have 'rm' run with the least
amount of privilege needed to do its job.
I am constantly bemused by the number of "setuid root" commands, when a
simple "setgid whatever" will achieve the same task.
My mantra has always been: "If you think you need setuid root, then you are
probably thinking wrong."
My favourite here is the "ps" command:
On my FreeBSD server:
% ls -l /bin/ps
-r-xr-xr-x 1 root wheel 35640 Oct 15 2017 /bin/ps
On my crappy MacBook:
% ls -l /bin/ps
-rwsr-xr-x 1 root wheel 51200 Jul 15 2017 /bin/ps
(I didn't check my Penguin box, because I don't think that I'll like what
I'll see.)
-- Dave