From owner-freebsd-security Sun Apr 2 13:30:15 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6)
	id NAA10354 for security-outgoing; Sun, 2 Apr 1995 13:30:15 -0700
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
	by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id NAA10347 for ;
	Sun, 2 Apr 1995 13:30:10 -0700
Received: by halloran-eldar.lcs.mit.edu; id AA21539; Sun, 2 Apr 1995 16:29:42 -0400
Date: Sun, 2 Apr 1995 16:29:42 -0400
From: Garrett Wollman
Message-Id: <9504022029.AA21539@halloran-eldar.lcs.mit.edu>
To: Paul Traina
Cc: security@FreeBSD.org
Subject: root owning everything
In-Reply-To: <199504011850.KAA15088@precipice.shockwave.com>
References: <199504011850.KAA15088@precipice.shockwave.com>
Sender: security-owner@FreeBSD.org
Precedence: bulk

< said:

> Except for setuid files, the majority of files in / and /usr should be owned
> by root, not bin, so that I can't nfsmount a volume read-write and su to
> bin and have a party.
> An alternative would be to map uid bin to nobody the same way root is done.

If you care about security, you'll map almost everybody to nobody in
/etc/exports. I'm not sure if this works right now.

-GAWollman

--
Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ...
wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
Opinions not those of| It is a bond more powerful than absence. We like people
MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant