Can anyone tell me where to find a list of valid suid/guid programs on Linux, ideally Ubuntu?
Note I can use find to get a list of suid/sgid programs on my machine, but I want to know if they are real valid programs; is there a list I can compare them against?
One answer (from Rmano on askubuntu, ) is copied below:
One idea - but will need a bit of work in scripting --- be my guest ;-)
Find a suid/sgid file; let's call it scommand
Check from which package has been installed:
dpkg -S /full/path/to/scommand
Compare its permission with the original deb package, by firstly downloading the package:
apt-get download package
Check if the command should have the suid set in the package with
dpkg -c package*deb | grep /full/path/to/scommand
cleanup, rinse, repeat.
Example:
[romano:~/tmp] % ls -l /bin/passwd ls: cannot access /bin/passwd: No such file or directory [romano:~/tmp] 2 % ls -l /usr/bin/passwd -rwsr-xr-x 1 root root 47032 Feb 17 2014 /usr/bin/passwd [romano:~/tmp] % dpkg -S /usr/bin/passwd passwd: /usr/bin/passwd [romano:~/tmp] % apt-get download passwd Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main passwd amd64 1:4.1.5.1-1ubuntu9 [755 kB] Fetched 755 kB in 1s (487 kB/s) [romano:~/tmp] % dpkg -c passwd*.deb| grep /usr/bin/passwd -rwsr-xr-x root/root 47032 2014-02-17 03:42 ./usr/bin/passwd