27 Apr
2018
27 Apr
'18
6:26 p.m.
On Wed, 25 Apr 2018, Noel Chiappa wrote:
On early PDP-11 Unixes, 'rm' is an ordinary
program, and 'rmdir' is
setuid-root, since it has to do special magic (writing into directory
files, etc). Given that, it made sense to have 'rm' run with the least
amount of privilege needed to do its job.
I am constantly bemused by the number of "setuid root" commands, when a
simple "setgid whatever" will achieve the same task.
My mantra has always been: "If you think you need setuid root, then you
are probably thinking wrong."
My favourite here is the "ps" command:
On my FreeBSD server:
% ls -l /bin/ps
-r-xr-xr-x 1 root wheel 35640 Oct 15 2017 /bin/ps
On my crappy MacBook:
% ls -l /bin/ps
-rwsr-xr-x 1 root wheel 51200 Jul 15 2017 /bin/ps
(I didn't check my Penguin box, because I don't think that I'll like what
I'll see.)
-- Dave