Date: Tue, 20 May 1997 15:11:27 +1000
From: Stephen McKay <syssgm@dtir.qld.gov.au>
To: freebsd-hackers@freebsd.org
Subject: Re: drwxr-xr-x 2 bin bin /usr/sbin
Message-ID: <199705200511.PAA16611@ogre.dtir.qld.gov.au>
In-Reply-To: <199705191535.TAA23174@ns.cs.msu.su> from "Sergei S. Laskavy" at "Mon, 19 May 1997 15:35:35 +0000"
References: <199705191535.TAA23174@ns.cs.msu.su>

On Monday, 19th May 1997, Sergei S. Laskavy wrote:

>eric@Sendmail.ORG said, that
>
>+----------------------------------------------+
>| For security reasons, /, /usr, and /usr/sbin |
>| should be owned by root, mode 755.           |
>+----------------------------------------------+
>
>I think that someone can gain "bin" and then replace
>	/usr/sbin/GOOD_PROGGY
>by
>	/usr/sbin/EVIL_PROGGY

Well, I've not had a chance to rant about this yet...

Of course, you are correct. Having /bin (and/or its contents) owned by bin rather than root just adds another method for attacking your system. Everything should be owned by root unless there is a good reason for it to be owned by some other uid. Usually this "good reason" is to provide a safer uid to setuid to, such as "games" or "uucp", that can cause less damage when hacked or just broken by bugs. Hacking a game can still compromise the game playing system administrator, which will then yield root, but it takes longer and there is more chance of detection.

The counter argument that I have heard is that it makes setuid root programs stand out from the field of bin owned programs. Nobody should be relying on eyeballing directories for this. That's what tripwire is for. And if you are trusting your ls binary, you can trust your tripwire binary...

Stephen.
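
An audit for the condition discussed in this message, added here as an example and not part of the original e-mail: it reports any of /, /usr and /usr/sbin, or any entry below /usr/sbin, that is not owned by the expected user or is writable by group or others (the write bits that mode 755 excludes). The function names `check_dirs`, `check_contents` and `audit` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message). Reports paths that are not
# owned by the expected user, or that are group- or world-writable.

# check_dirs OWNER DIR... : test only the named directories themselves.
check_dirs() {
    owner=$1; shift
    for d in "$@"; do
        # -prune stops find from descending, so only "$d" itself is tested.
        find "$d" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
    done
}

# check_contents OWNER DIR : test DIR and every non-symlink entry below it.
check_contents() {
    # Symlinks are skipped: their own mode bits are not meaningful.
    find "$2" ! -type l \( ! -user "$1" -o -perm -020 -o -perm -002 \) -print
}

# audit OWNER : run both checks on the directories named in the thread.
# Prints each offending path once; returns non-zero if any were found.
audit() {
    findings=$( { check_dirs "$1" / /usr /usr/sbin
                  check_contents "$1" /usr/sbin; } 2>/dev/null | sort -u )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit root || exit 1
fi
```

On a system where /usr/sbin and its programs are owned by bin, as in the thread's subject line, every one of those paths is listed.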