Solved: LMS 3.0 - Special Permission Bit (SetUID)

dany.datacraft · ‎10-29-2008

Hi,

The following is being flagged by our customer's security scan:

/opt/CSCOpx/campus/bin/UTPing

/opt/CSCOpx/campus/bin/UTXPing

/opt/CSCOpx/objects/jet/bin/jet

/opt/CSCOpx/objects/smarts/bin/system/sm_logerror

because they have a special permission-bit (SetUID) set. Permission bit will look like this rwsr-xr-x. With the "s" bit set, the process that runs this script will assume the owner of this file (usually root).

Can we remove the special permission bit? Any input will be appreciated.

Joe Clarke · ‎10-29-2008

These executables need to be setuid root. The UT*Ping applications need this bit because creating ICMP packets requires root privilege on UNIX. Jet needs this bit if you want to be able to run the packet capture feature. Sm_logerror needs this big so that DFM can correctly execute some of its tasks. Changing the permissions on these files would break features in LMS.

View solution in original post

Joe Clarke · ‎10-29-2008

These executables need to be setuid root. The UT*Ping applications need this bit because creating ICMP packets requires root privilege on UNIX. Jet needs this bit if you want to be able to run the packet capture feature. Sm_logerror needs this big so that DFM can correctly execute some of its tasks. Changing the permissions on these files would break features in LMS.