Date: Tue, 2 Jul 1996 20:08:03 GMT
From: James Raynard <fqueries@jraynard.demon.co.uk>
To: jimd@mistery.mcafee.com
Cc: tcg@ime.net, dwhite@resnet.uoregon.edu, questions@freebsd.org
Subject: Re: src tree owners
Message-ID: <199607022008.UAA00658@jraynard.demon.co.uk>
In-Reply-To: <201007021826.LAA23381@mistery.mcafee.com> (message from Jim Dennis on Fri, 2 Jul 110 11:26:09 -0700 (PDT))

> > > On Unix, the `proper` way is for configuration files to be owned by
> > > root - it's not a good idea to allow just anybody to change them!
> >
> > I Agree! My question was/is about the Source tree!

I originally wrote "critical files such as source code or configuration
files", then changed my mind and deleted the wrong bit. Sorry about
that :-(

> You might consider simply adding yourself to the 'bin' group

Yep, just edit /etc/group.

> (and setting the SGID bit on the directories). The default

Actually, there's no need to set the SGID bit on the directories, as
BSD systems automatically pass the group ownership on to any new
sub-directories created in the current directory - see mkdir(2).

> configuration seems to leave the sources g+w and owned by
> root.bin.

Something that just occurred to me - doesn't some network backup
software require a .rhosts file for the user "bin"? If so, doesn't
this leave the system source code potentially vulnerable?

> In a multi-user environment you should consider installing
> tripwire and being particularly careful to monitor it for
> source tree changes. Anyone who can get a simple change into
> any source file -- and get 'root' to build it can effectively
> take control of the entire system. (This is true of the system
> binaries as well -- but more insidious).

Very true.

--
James Raynard, Edinburgh, Scotland
james@jraynard.demon.co.uk
http://www.freebsd.org/~jraynard/
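
The kind of check a Tripwire-style monitor performs on a g+w source tree, as an added example that is not part of the original message and is not Tripwire's own code: it records a baseline of hashes, modes and owners, reports later changes, and lists files writable by group or other. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each path under root to (digest, mode, uid, gid) without following symlinks."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            digest = ""
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                digest = "link:" + os.readlink(path)
            rel = os.path.relpath(path, root)
            snap[rel] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def compare(baseline, current):
    """Return sorted (path, kind) pairs; kind is added, removed, content or metadata."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            changes.append((path, "added" if old is None else "removed"))
        elif old[0] != new[0]:
            changes.append((path, "content"))
        elif old[1:] != new[1:]:
            changes.append((path, "metadata"))
    return changes

def writable_by_non_owner(snap):
    """Paths whose mode has the group or other write bit set (the g+w case)."""
    return sorted(p for p, v in snap.items() if v[1] & (stat.S_IWGRP | stat.S_IWOTH))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        src = os.path.join(root, "login.c")
        with open(src, "w") as fh:
            fh.write("int main(void) { return 0; }\n")
        os.chmod(src, 0o664)
        base = snapshot(root)
        with open(src, "a") as fh:
            fh.write("/* unreviewed edit */\n")
        print(writable_by_non_owner(base), compare(base, snapshot(root)))
```

Keep the saved baseline somewhere members of the 'bin' group cannot write, otherwise the account that edits the source can also update the record.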