Date: Sat, 19 Jul 1997 14:41:47 +0200 (MET DST) From: Wolfgang Helbig <helbig@MX.BA-Stuttgart.De> To: sthaug@nethelp.no Cc: andreas@klemm.gtn.com, hackers@FreeBSD.ORG Subject: Re: sendmail complains about being unable to write his pid file Message-ID: <199707191241.OAA28753@helbig.informatik.ba-stuttgart.de> In-Reply-To: <15406.869308066@verdi.nethelp.no> from "sthaug@nethelp.no" at "Jul 19, 97 12:27:46 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > > I'm always nervous about directories owned by bin, on the assumption > > > that bin might be easier to break than root, and could then be used > > > as a stepstone to breaking root. > > > > I don't believe this, because bin isn't a password protected login. > > Look here: > > bin:*:3:7:Binaries Commands and Source,,,:/:/nonexistent > > That's fine - until somebody decides to run NFS. Then all bets are off. > > > I think it's a BSDism. bin is the UID and GID for Binaries, Commands > > and source as shown by the entry in /etc/passwd ... > > Yes, but the question stands - why is it setup this way? What is gained > by having binaries (and important directories) owned by bin instead of > root? More security? setuid / setgid will give you the powers of bin only, not of root. Wolfgang
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707191241.OAA28753>