Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

/usr/bin/ksu and missing suid bit

0 views

Skip to first unread message

Stefan Lambrev

unread,

May 10, 2008, 11:18:46 AM5/10/08

to FreeBSD Stable

Greetings,

What the reason /usr/bin/ksu to be without setuid bit?
Are there any security concerns?
I'm asking because the only way to get ksu working is adding by hand the
suid bit.
For example when you install heimdal from ports it activate the setuid
bit on $prefix/bin/su.

And my second question - is there a option that I can define in src.conf
or make.conf, next time when I build/installworld
ksu to have setuid bit ? (in manual I found only knobs for disabling
kerberos)

Best Wishes,
Stefan Lambrev
ICQ# 24134177

David Wolfskill

unread,

May 10, 2008, 11:30:52 AM5/10/08

to Stefan Lambrev, FreeBSD Stable

On Sat, May 10, 2008 at 06:18:46PM +0300, Stefan Lambrev wrote:
> ...

> And my second question - is there a option that I can define in src.conf
> or make.conf, next time when I build/installworld
> ksu to have setuid bit ? (in manual I found only knobs for disabling
> kerberos)

Define ENABLE_SUID_K5SU to be true.

Ref. the stanza from /usr/share/examples/etc/make.conf:

# Kerberos 5 su (k5su)
# If you want to use the k5su utility, define this to have it installed
# set-user-ID.
#ENABLE_SUID_K5SU=

Peace,
david
--
David H. Wolfskill da...@catwhisker.org
I submit that "conspiracy" would be an appropriate collective noun for cats.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

0 new messages