Listing 4. Disallowing Execution of suid Programs
for exec "/usr/sbin/in.telnetd" {
// Indicator, this process can't run suid
// program
flags = 1;
// monitor, when he tries to run suid program
procact = P_SEXEC;
}
// when sexec event appears
on sexec {
// is it disallowed process ?
if (flags == 1) {
// do not allow to run set uid program
answer = NO;
}
Output Messages
[robo@unicorn robo]$ ls -l /bin/ping
-rwsr-xr-x 1 root root 18228 Sep 10 22:04 /bin/ping
[robo@unicorn robo]$ ping localhost
PING localhost.localdomain (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.7 ms
--- localhost.localdomain ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.7/0.7/0.7 ms
[robo@unicorn robo]$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Red Hat Linux release 6.1 (Cartman)
Kernel 2.2.14 on an i586
login: robo
PAM_pwdb[1655]: (login) session opened for user robo by (uid=0)
Last login: Sat Jan 22 23:19:13 on tty3
[robo@unicorn robo]$ ping localhost
ping: socket: Operation not permitted
[robo@unicorn robo]$exit
Connection closed by foreign host.
[robo@unicorn robo]$ping localhost
PING localhost.localdomain (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.7 ms
--- localhost.localdomain ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.7/0.7/0.7 ms
Copyright © 1994 - 2019 Linux Journal. All rights reserved.