10-29-2008 03:54 AM
Hi,
The following is being flagged by our customer's security scan:
/opt/CSCOpx/campus/bin/UTPing
/opt/CSCOpx/campus/bin/UTXPing
/opt/CSCOpx/objects/jet/bin/jet
/opt/CSCOpx/objects/smarts/bin/system/sm_logerror
because they have a special permission-bit (SetUID) set. Permission bit will look like this rwsr-xr-x. With the "s" bit set, the process that runs this script will assume the owner of this file (usually root).
Can we remove the special permission bit? Any input will be appreciated.
Solved! Go to Solution.
10-29-2008 09:55 AM
These executables need to be setuid root. The UT*Ping applications need this bit because creating ICMP packets requires root privilege on UNIX. Jet needs this bit if you want to be able to run the packet capture feature. Sm_logerror needs this big so that DFM can correctly execute some of its tasks. Changing the permissions on these files would break features in LMS.
10-29-2008 09:55 AM
These executables need to be setuid root. The UT*Ping applications need this bit because creating ICMP packets requires root privilege on UNIX. Jet needs this bit if you want to be able to run the packet capture feature. Sm_logerror needs this big so that DFM can correctly execute some of its tasks. Changing the permissions on these files would break features in LMS.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: