// Policy excerpt: mark every process started from the telnet daemon and
// refuse to let such a marked process execute a set-uid program.
// The transcript further down shows the effect: `ping` (set-uid root) works
// from a local shell but fails with "Operation not permitted" inside a
// telnet session.

// Rule for processes executed from the telnet daemon binary.
for exec "/usr/sbin/in.telnetd"
{
    // Indicator: this process (and, judging by the transcript below, the
    // shell it later spawns) must not run set-uid programs.
    // NOTE(review): the value 1 is an author-chosen marker; any other rule
    // that sets flags = 1 for a different purpose would also be denied by
    // the sexec handler below. Keep the marker values documented in one place.
    flags = 1;
    // Ask to be notified (sexec event) when this process tries to run a
    // set-uid program.
    procact = P_SEXEC;
}

// Handler run when a set-uid exec event is reported.
on sexec
{
    // Is the requesting process one that was marked above?
    if (flags == 1)
    {
        // Deny the set-uid execution.
        // NOTE(review): this is a blanket denial — it presumably also blocks
        // legitimate set-uid tools invoked in the session (e.g. su, passwd);
        // narrow the condition if those are needed for telnet users.
        answer = NO;
    }
// NOTE(review): the closing brace of this handler is missing from the excerpt.
[robo@unicorn robo]$ ls -l /bin/ping
-rwsr-xr-x 1 root root 18228 Sep 10 22:04 /bin/ping
[robo@unicorn robo]$ ping localhost
PING localhost.localdomain (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.7 ms

--- localhost.localdomain ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.7/0.7/0.7 ms
[robo@unicorn robo]$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Red Hat Linux release 6.1 (Cartman)
Kernel 2.2.14 on an i586
login: robo
PAM_pwdb[1655]: (login) session opened for user robo by (uid=0)
Last login: Sat Jan 22 23:19:13 on tty3
[robo@unicorn robo]$ ping localhost
ping: socket: Operation not permitted
[robo@unicorn robo]$ exit
Connection closed by foreign host.
[robo@unicorn robo]$ ping localhost
PING localhost.localdomain (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.7 ms

--- localhost.localdomain ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.7/0.7/0.7 ms