SUID set and owned by root

Some files require root permissions to execute properly. The SUID setting forces files to run with the same permissions as their owner, which ensures that programs like su will always have the correct permissions.

In general, SUID should be avoided due to a potential security risk that would occur if an unauthorized user modifies such a file to delete, access, or change sensitive files. As such, no files with the SUID set and owned by root should have global write permissions.

It is normal to see system files, such as su, at, cron, chkey, etc. in this list. Raise an exception only when you spot non-system files or files with loose write permissions.

Further discussion on this topic is available at the following websites:

Unix.com.au

Rutgers.edu

Please click here to ask Chris for guidance on this test or the results that you received.

2-10

	New
Active Directory Date Converter
Unix Timestamp Date Converter
Unix Security Analyzer
Windows Security Analyzer
NIST SP 800-63 password policy compliance checker

	Sponsors

	News: Schneier
UAE Man-in-the-Middle Attack Against SSL Successful Attack Against a Quantum Cryptography System Cyber-Offence is the New Cyber-Defense Wanted: Skein Hardware Help More Skein News

	News: SecurityFocus
News: Change in Focus News: Twitter attacker had proper credentials News: PhotoDNA scans images for child abuse News: Conficker data highlights infected networks Brief: Google offers bounty on browser bugs

	News: CNN
Users amused, annoyed by Facebook Places 'NHL2K11' shoots, but sometimes misses Facebook testing a 'stalker button' iTunes Ping: The missing thing

	Statistics

Mesothelioma Survival