The setuid feature allows executables launched by a "user" to run with "root" privileges. A typical example is the passwd program. Crackers/hackers exploit some setuid programs in order to gain root-level access. Therefore, a system administrator should hunt down all the setuid programs on a system and either remove them or evaluate them. Check for "rws----" permissions to see if an executable is setuid root. Run find / -perm -4000 -print to locate all setuid files. Add "-user root" to find just those that elevate to root.
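One way to make the hunt above repeatable, as an added example that is not part of the original page: list the setuid files under a directory and report any that are missing from a reviewed allowlist. The function names and the allowlist file (one absolute path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit setuid files against a reviewed allowlist.
# Function names and the allowlist format are assumptions of this example.
# Paths containing newlines are not handled.

# list_setuid ROOT [OWNER]
# Print every regular file under ROOT that has the setuid bit set,
# optionally restricted to files owned by OWNER (name or numeric uid).
list_setuid() {
    root=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        find "$root" -type f -perm -4000 -user "$owner" -print 2>/dev/null
    else
        find "$root" -type f -perm -4000 -print 2>/dev/null
    fi | LC_ALL=C sort
}

# unexpected_setuid ROOT ALLOWLIST [OWNER]
# Print setuid files under ROOT that are not listed in ALLOWLIST.
# ALLOWLIST holds one absolute path per line; a missing or empty
# allowlist means every setuid file found is reported.
unexpected_setuid() {
    list_setuid "$1" "${3:-}" | ALLOW=$2 awk '
        BEGIN {
            # Load the reviewed paths into a lookup table.
            while ((getline line < ENVIRON["ALLOW"]) > 0) ok[line] = 1
        }
        !($0 in ok)   # print only paths that were never reviewed
    '
}

# Typical use as root (the allowlist path is a hypothetical location):
#   unexpected_setuid / /root/setuid.allow root
```

Any path this prints is a setuid program that has not yet been evaluated: review it, then either remove the setuid bit or add the path to the allowlist.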