Avatar of sminfo
sminfo

asked on 

Disable setuid bit on AIX.

wmp, this's for you :-)

Our company was audited. One of the vulnerabilities was:

"AIX-VULN005

setuid bit enabled"        

set user ID upon execution is an access right flags that allow users to run an executable with the permissions of the executable's owner or group. Successful buffer overrun attacks on vulnerable applications allow the attacker to execute arbitrary code under the rights of the process being exploited.      

 MEDIUM

HIGH  

Review these privileges to determine if this is a configuration according to the business needs.
 
I know what setuid is, but not clear if there's a global setup in AIX. As you see, the vulnerability is global "setuid bit enabled"

Any hint on how to solve this?

Thanks.
Unix OS

Avatar of undefined
Last Comment
sminfo
ASKER CERTIFIED SOLUTION
Avatar of sjm_ee
sjm_ee
Flag of United Kingdom of Great Britain and Northern Ireland image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of sminfo
sminfo

ASKER

Hi, thanks for answering..

As I said I know about setuid, I have a script which list all setuid files on our AIX servers using find, but I don't understand the possible vulnerability the auditor sent us.. If you take a look, there's more than "disable setuid bit", but how? I can not disable setuid on all files.. the auditor didn't said which file has wrong configuration.... that is what confused me...
SOLUTION
Avatar of gheist
gheist
Flag of Belgium image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
Avatar of Tomunique
Tomunique
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Avatar of gheist
gheist
Flag of Belgium image

setuid ir required to allocate shared memory, to change user id, to lock process in memory etc.

you really need more detail where is the problem.

Avatar of sminfo
sminfo

ASKER

Thanks...
Unix OS
Unix OS

Unix is a multitasking, multi-user computer operating system originally developed in 1969 at Bell Labs. Today, it is a modern OS with many commercial flavors and licensees, including FreeBSD, Hewlett-Packard’s UX, IBM AIX and Apple Mac OS-X. Apart from its command-line interface, most UNIX variations support the standardized X Window System for GUIs, with the exception of the Mac OS, which uses a proprietary system.

33K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo