Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS 3.0 - Special Permission Bit (SetUID)

Hi,

The following is being flagged by our customer's security scan:

/opt/CSCOpx/campus/bin/UTPing

/opt/CSCOpx/campus/bin/UTXPing

/opt/CSCOpx/objects/jet/bin/jet

/opt/CSCOpx/objects/smarts/bin/system/sm_logerror

because they have a special permission-bit (SetUID) set. Permission bit will look like this rwsr-xr-x. With the "s" bit set, the process that runs this script will assume the owner of this file (usually root).

Can we remove the special permission bit? Any input will be appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LMS 3.0 - Special Permission Bit (SetUID)

These executables need to be setuid root. The UT*Ping applications need this bit because creating ICMP packets requires root privilege on UNIX. Jet needs this bit if you want to be able to run the packet capture feature. Sm_logerror needs this big so that DFM can correctly execute some of its tasks. Changing the permissions on these files would break features in LMS.

1 REPLY
Cisco Employee

Re: LMS 3.0 - Special Permission Bit (SetUID)

These executables need to be setuid root. The UT*Ping applications need this bit because creating ICMP packets requires root privilege on UNIX. Jet needs this bit if you want to be able to run the packet capture feature. Sm_logerror needs this big so that DFM can correctly execute some of its tasks. Changing the permissions on these files would break features in LMS.

107
Views
0
Helpful
1
Replies
CreatePlease login to create content