Bug 32072

Summary: setuid w/o immutable flag
Product: Base System Reporter: Peter Avalos <peter>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.4-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Peter Avalos 2001-11-18 06:20:01 UTC 
	It seems smart to set the immutable flag on files that are installed
setuid. There are some binaries that do not get the the immutable flag set
when they are installed. If someone did acquire root (all of these files are
setuid root) then they wouldn't be able to replace the binary with a trojanned
one if securelevel > 0 and schg set.

Fix: Below are some unified diffs for some makefiles that install setuid binaries
w/o the immutable flag. I'm not 100% confident about these diffs, and I run a
RELENG_4 box so caveat emptor. Most of the diffs are against HEAD, except for
keyinfo and keyinit which are only in RELENG_4. If I'm totally off my rocker,
feel free to close this PR.
Comment 1 Colin Percival freebsd_committer freebsd_triage 2004-02-11 15:37:00 UTC 
State Changed
From-To: open->closed

This is not a useful security mechanism against an attacker 
who already has root access.  Feel free to read the archives 
and/or post to freebsd-security for a more in-depth discussion 
about the (lack of) merits of securelevel.