26 Apr
2018
26 Apr
'18
12:17 a.m.
From: William Corcoran
I think it's a bit more interesting to uncover
why rm does not remove
directories by default thereby obviating the need for rmdir
On early PDP-11 Unixes, 'rm' is an ordinary program, and 'rmdir' is
setuid-root, since it has to do special magic (writing into directory files,
etc). Given that, it made sense to have 'rm' run with the least amount of
privilege needed to do its job.
Noel
27 Apr
27 Apr
6:26 p.m.
New subject: rm command
On Wed, 25 Apr 2018, Noel Chiappa wrote:
On early PDP-11 Unixes, 'rm' is an ordinary
program, and 'rmdir' is
setuid-root, since it has to do special magic (writing into directory
files, etc). Given that, it made sense to have 'rm' run with the least
amount of privilege needed to do its job.
I am constantly bemused by the number of "setuid root" commands, when a
simple "setgid whatever" will achieve the same task.
My mantra has always been: "If you think you need setuid root, then you
are probably thinking wrong."
My favourite here is the "ps" command:
On my FreeBSD server:
% ls -l /bin/ps
-r-xr-xr-x 1 root wheel 35640 Oct 15 2017 /bin/ps
On my crappy MacBook:
% ls -l /bin/ps
-rwsr-xr-x 1 root wheel 51200 Jul 15 2017 /bin/ps
(I didn't check my Penguin box, because I don't think that I'll like what
I'll see.)
-- Dave
6:58 p.m.
New subject: rm command
On 2018-04-28 02:26, Dave Horsfall wrote:
On my FreeBSD server:
% ls -l /bin/ps
-r-xr-xr-x 1 root wheel 35640 Oct 15 2017 /bin/ps
On my crappy MacBook:
% ls -l /bin/ps
-rwsr-xr-x 1 root wheel 51200 Jul 15 2017 /bin/ps
Clearly this will depend on how ps is implemented, which is one of the
messier aspects of our favorite OS. If it does its thing just by
reading a pseudo-file or a pseudo-device, then setgid will be enough,
but maybe it needs to execute a root-only system call.
There is a longish thread on comp.unix.programmer right now about this
very topic.
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
8:14 p.m.
New subject: rm command
On Sat, 28 Apr 2018, Dave Horsfall wrote:
On Wed, 25 Apr 2018, Noel Chiappa wrote:
Debian 9:
nicci@jesustheasus:~$ ls -l $(which ps)
-rwxr-xr-x 1 root root 129336 Nov 22 2016 /bin/ps
Debian 8 kFreeBSD:
[usotsuki@licca ~]$ ls -l $(which ps)
-rwxr-xr-x 1 root root 93088 Mar 6 2015 /bin/ps
-uso.
On early PDP-11 Unixes, 'rm' is an
ordinary program, and 'rmdir' is
setuid-root, since it has to do special magic (writing into directory
files, etc). Given that, it made sense to have 'rm' run with the least
amount of privilege needed to do its job.
I am constantly bemused by the number of "setuid root" commands, when a
simple "setgid whatever" will achieve the same task.
My mantra has always been: "If you think you need setuid root, then you are
probably thinking wrong."
My favourite here is the "ps" command:
On my FreeBSD server:
% ls -l /bin/ps
-r-xr-xr-x 1 root wheel 35640 Oct 15 2017 /bin/ps
On my crappy MacBook:
% ls -l /bin/ps
-rwsr-xr-x 1 root wheel 51200 Jul 15 2017 /bin/ps
(I didn't check my Penguin box, because I don't think that I'll like what
I'll see.)
-- Dave
8:17 p.m.
New subject: rm command
On 04/27/2018 11:14, Steve Nickolas wrote:
On Sat, 28 Apr 2018, Dave Horsfall wrote:
interesting how the gnu userland marks ps as owner-writable, not sure it
matters, but interesting...
-p
--
Pete Wright
pete(a)nomadlogic.org
@nomadlogicLA
On Wed, 25 Apr 2018, Noel Chiappa wrote:
Debian 9:
nicci@jesustheasus:~$ ls -l $(which ps)
-rwxr-xr-x 1 root root 129336 Nov 22 2016 /bin/ps
Debian 8 kFreeBSD:
[usotsuki@licca ~]$ ls -l $(which ps)
-rwxr-xr-x 1 root root 93088 Mar 6 2015 /bin/ps
On early PDP-11 Unixes, 'rm' is an
ordinary program, and 'rmdir' is
setuid-root, since it has to do special magic (writing into
directory files, etc). Given that, it made sense to have 'rm' run
with the least amount of privilege needed to do its job.
I am constantly bemused by the number of "setuid root" commands, when
a simple "setgid whatever" will achieve the same task.
My mantra has always been: "If you think you need setuid root, then
you are probably thinking wrong."
My favourite here is the "ps" command:
On my FreeBSD server:
% ls -l /bin/ps
-r-xr-xr-x 1 root wheel 35640 Oct 15 2017 /bin/ps
On my crappy MacBook:
% ls -l /bin/ps
-rwsr-xr-x 1 root wheel 51200 Jul 15 2017 /bin/ps
(I didn't check my Penguin box, because I don't think that I'll like
what I'll see.)
-- Dave
28 Apr
28 Apr
6:33 p.m.
New subject: rm command
On 27 Apr 2018 11:17 -0700, from pete(a)nomadlogic.org (Pete Wright):
>> On my FreeBSD server:
>>
>> % ls -l /bin/ps
>> -r-xr-xr-x 1 root wheel 35640 Oct 15 2017 /bin/ps
>>
>> On my crappy MacBook:
>>
>> % ls -l /bin/ps
>> -rwsr-xr-x 1 root wheel 51200 Jul 15 2017 /bin/ps
>
> Debian 9:
>
> nicci@jesustheasus:~$ ls -l $(which ps)
> -rwxr-xr-x 1 root root 129336 Nov 22 2016 /bin/ps
>
> Debian 8 kFreeBSD:
>
> [usotsuki@licca ~]$ ls -l $(which ps)
> -rwxr-xr-x 1 root root 93088 Mar 6 2015 /bin/ps
Debian 7 is the same, except /bin/ps is 93120 bytes there.
interesting how the gnu userland marks ps as
owner-writable, not
sure it matters, but interesting...
That's more likely the package manager, or the packaging done by the
package maintainer, than it is anything about GNU per se.
I've got a gazillion 0755 0:0 binaries on my system. In fact, running
`ls -l /usr/bin | grep -v '^.rwx'` on my desktop Debian box returns
only a handful of hits, all of which are u=rws and a few of which are
g=r-s.
If you're root enough to take advantage of the owner-writable bit on a
file owned by root, then you're root enough to make quite a mess even
if they were mode 0555 or even 0111.
If you want weird, then tell me why on Earth /bin/ping _really_ needs
to be setuid root on Linux (has no one heard of capabilities?), or why
/bin/fusermount is, of all modes they could choose from, `-rwsr-xr--`.
--
Michael Kjörling • https://michael.kjorling.se • michael(a)kjorling.se
“The most dangerous thought that you can have as a creative person
is to think you know what you’re doing.” (Bret Victor)
8:01 p.m.
New subject: rm command
On 2018-04-28 16:33, Michael Kjörling wrote:
/bin/fusermount is, of all modes they could choose
from, `-rwsr-xr--`.
it is setuid root because it needs the mount() syscall.
it is only executable by a group (probably other than root, but you
didn't say) to restrict the functionality to a subset of real users.
I find than debian has these things _very_ well thought out - better
than any Unix-like system in widespread use now. Or rather, 2 years ago
when I stopped using it because systemd.
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
8:51 p.m.
New subject: rm command
On Sat, Apr 28, 2018 at 04:33:51PM +0000, Michael Kjörling wrote:
If you want weird, then tell me why on Earth /bin/ping _really_ needs
to be setuid root on Linux (has no one heard of capabilities?),
It doesn't even need that anymore, like darwin it supports SOCK_DGRAM
ICMP sockets, such that ping can be written as an unpriviledged program.
DF
2395
days inactive
2398
days old
7 comments
7 participants
participants (7)
-
Dave Horsfall -
Derek Fawcus -
Ian Zimmerman -
jnc@mercury.lcs.mit.edu -
Michael Kjörling -
Pete Wright -
Steve Nickolas