Summary: | sys-apps/shadow: SUID set wrong. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Philipp Kern <phil> |
Component: | New packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Philipp Kern
2004-04-08 06:08:46 UTC
Philipp, I agree however some people don't. Which is why I came up with FEATURES="sfperms" hardened/embedded/selinux/uclibc profiles set this FEATURE by default. Maybe one day the other profiles will set it as well. (it's never caused a single problem) Anyway here is a description of the feature. # 'sfperms' feature for security minded people that causes portage to # remove group+other readable bits on setuid files and # remove the other readable bits on setgid files. -rws--x--x 1 root root 33196 Jul 3 05:20 /bin/su -rws--x--x 1 root root 37244 Jul 3 05:20 /usr/bin/chage -rws--x--x 1 root root 31244 Jul 3 05:20 /usr/bin/chfn -rws--x--x 1 root root 29856 Jul 3 05:20 /usr/bin/chsh -rws--x--x 1 root root 17692 Jul 3 05:20 /usr/bin/expiry -rws--x--x 1 root root 38120 Jul 3 05:20 /usr/bin/gpasswd -rws--x--x 1 root root 21020 Jul 3 05:20 /usr/bin/newgrp -rws--x--x 1 root root 39080 Jul 3 05:20 /usr/bin/passwd added to shadow-4.0.4.1-r4 |