Date: Mon, 16 Nov 1998 02:55:14 -0800 (PST)
From: Matthew Dillon
Message-Id: <199811161055.CAA18393@apollo.backplane.com>
To: Warner Losh
Cc: Andre Albsmeier, freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?

:
:This would plug some potential holes in a small number of
:applications. I'm not sure that it is worth it on the effort/return
:front. I can think of only a few programs that might benefit from
:this, and a similar benefit could likely be had with a PAM module that
:talked to a password server which did all the right things. However,
:that too adds complexity, which makes it harder to secure things....
:
:Warner

    There are only a limited number of programs that run as root or are
    suid root. Being able to plug even half a dozen of them by removing
    their root privileges would be a major win.

    I can find no good reason why, for example, ntalkd must be run as root.
    It does a stupid getuid() test in main() that should be ripped out...
    it really only needs tty group access to work. identd sure doesn't need
    root. kmem group access is plenty sufficient. Both of these are turned
    on by default in inetd.conf, neither of these requires root.

    All it would take to fix them would be to add two dummy users to
    master.passwd, 'tty' and 'kmem' (with bin group privs), to fix talkd.c
    to remove the silly getuid() test, and to fix inetd.conf (run ntalkd as
    tty:tty and identd as kmem:kmem).

    I wonder how many other programs can be trivially fixed like that.
    Certainly sendmail does not need to be run as root, yet it is in
    /usr/src/etc/rc. lpd? Why in God's name does lpd need to be run as
    root?

                                        -Matt

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet
                    Communications & God knows what else.
    (Please include original email in any response)
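An added example, not part of the original message: a small audit that lists the enabled inetd.conf services still started as root, run over a before and an after version of the change the message proposes. The sample entries are constructed, the program paths are placeholders, and the field layout (user[:group] in the fifth column) is an assumption about the local inetd.conf format.

```shell
#!/bin/sh
# Report enabled inetd services whose user field resolves to root.
# Assumed layout: service socktype proto wait user[:group] program [args...]
# Reads the file named in $1, or stdin when no file is given.
inetd_root_services() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank line or commented-out service
        NF < 6               { next }   # not a complete service entry
        $6 == "internal"     { next }   # handled inside inetd, nothing to re-own
        {
            split($5, id, "[:/]")       # user[:group][/class] -> id[1] is the user
            if (id[1] == "root") print $1, $6
        }
    ' "${1:--}"
}

# Constructed sample: both daemons started as root.
sample_before() {
    cat <<'EOF'
# service type   proto wait   user    program               args
ntalk     dgram  udp   wait   root    /usr/libexec/ntalkd   ntalkd
ident     stream tcp   nowait root    /usr/libexec/identd   identd
daytime   stream tcp   nowait root    internal
#shell    stream tcp   nowait root    /usr/libexec/rshd     rshd
EOF
}

# Constructed sample: same file after switching to the dummy users
# 'tty' and 'kmem' described in the message.
sample_after() {
    cat <<'EOF'
ntalk     dgram  udp   wait   tty:tty    /usr/libexec/ntalkd   ntalkd
ident     stream tcp   nowait kmem:kmem  /usr/libexec/identd   identd
daytime   stream tcp   nowait root       internal
EOF
}

echo "root-run services before:"; sample_before | inetd_root_services
echo "root-run services after:";  sample_after  | inetd_root_services
```

On a real host, pass the path of the live file as the first argument; every line it prints is a candidate for the same question the message asks about ntalkd and identd.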