Date: Mon, 24 Mar 1997 13:19:10 +0800 From: Peter Wemm <peter@spinner.DIALix.COM> To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) Cc: freebsd-bugs@freebsd.org Subject: Re: sendmail can't create PID file because of owner permission of /var/run Message-ID: <199703240519.NAA10729@spinner.DIALix.COM> In-Reply-To: Your message of "Mon, 24 Mar 1997 00:08:00 %2B0100." <19970324000800.WG00772@uriah.heep.sax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
J Wunsch wrote: > As Ollivier Robert wrote: > > (System directories owned by root.) > > > Some people (including me) have been asking for this change for *years*. > > Please someone do it ! > > Some other people (including me) still believe that tweaking all > systems just because some people suffer from NFS's flaws is not doing > better either. > > Those who suffer from NFS know how to use chown -R... NFS-exporting > something writable to any machine you can't trust gets you what you > deserve. I mentioned NFS "for example". Having the entire system writeable by uid bin means that the system can easily be compromised by the "bin" account, as well as root. From my subjective observations, 99% of system security analysis seems to be focused on protecting root - "bin" seems to get rather little scrutiny. Yes, there are other uid's (eg: uucp, games), but they can't get to things commonly run by root (eg: /bin/sh, /bin/ls etc). IMHO, the only thing that is gained by having stuff uid bin is that the scope of vulnerability is increased to a non-root uid as well. Saying "use chown -R" isn't a good answer, because the build system goes to great pains to restore the security problems! (also, chown -R is deadly on the system directories.. What about setuid-uucp programs that become setuid-root?) Cheers, -Peter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703240519.NAA10729>