LMS 3.0 - Special Permission Bit (SetUID)

Answered Question
Oct 29th, 2008

Hi,


The following is being flagged by our customer's security scan:


/opt/CSCOpx/campus/bin/UTPing

/opt/CSCOpx/campus/bin/UTXPing

/opt/CSCOpx/objects/jet/bin/jet

/opt/CSCOpx/objects/smarts/bin/system/sm_logerror


because they have a special permission bit (SetUID) set. The permission bits will look like this: rwsr-xr-x. With the "s" bit set, the process that runs this script will assume the owner of this file (usually root).


Can we remove the special permission bit? Any input will be appreciated.

Correct Answer by Joe Clarke about 8 years 4 months ago

These executables need to be setuid root. The UT*Ping applications need this bit because creating ICMP packets requires root privilege on UNIX. Jet needs this bit if you want to be able to run the packet capture feature. Sm_logerror needs this bit so that DFM can correctly execute some of its tasks. Changing the permissions on these files would break features in LMS.

Joe Clarke Wed, 10/29/2008 - 09:55

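A scan finding like the one in this thread can be handled with a documented allowlist instead of a blanket chmod. The following is an added example, not part of the original thread or of LMS: it audits a tree for setuid files against the four paths and reasons given above. The function names and the extra check that an allowlisted file is not writable by group or others are assumptions made here.

```python
import os
import stat

# Allowlist taken from the four paths and the reasons stated in the thread.
EXPECTED_SETUID = {
    "/opt/CSCOpx/campus/bin/UTPing": "ICMP packet creation",
    "/opt/CSCOpx/campus/bin/UTXPing": "ICMP packet creation",
    "/opt/CSCOpx/objects/jet/bin/jet": "packet capture feature",
    "/opt/CSCOpx/objects/smarts/bin/system/sm_logerror": "DFM tasks",
}


def classify(path, mode, uid, expected=EXPECTED_SETUID):
    """Return (verdict, detail) for one file given its st_mode and st_uid."""
    if not (stat.S_ISREG(mode) and mode & stat.S_ISUID):
        return ("ignore", "not a setuid regular file")
    perms = stat.filemode(mode)  # e.g. -rwsr-xr-x, as quoted in the question
    if path not in expected:
        return ("unexpected", f"{perms} uid={uid}: not on the allowlist")
    # Assumption added here: a setuid file that others can modify is a
    # finding even when the setuid bit itself is justified.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return ("unsafe", f"{perms} uid={uid}: writable by group or others")
    return ("expected", f"{perms} uid={uid}: {expected[path]}")


def audit_tree(root, expected=EXPECTED_SETUID):
    """Walk root and return sorted (verdict, path, detail) for setuid files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            verdict, detail = classify(path, st.st_mode, st.st_uid, expected)
            if verdict != "ignore":
                findings.append((verdict, path, detail))
    return sorted(findings)


if __name__ == "__main__":
    for verdict, path, detail in audit_tree("/opt/CSCOpx"):
        print(f"{verdict:10} {path}  {detail}")
```

Anything reported as "unexpected" or "unsafe" is what needs follow-up; the "expected" lines, with their stated reasons, can be attached to the scan report as the justification.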
