Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Mar 1997 08:09:50 +0100
From:      j@uriah.heep.sax.de (J Wunsch)
To:        freebsd-bugs@freebsd.org
Subject:   Re: sendmail can't create PID file because of owner permission of /var/run
Message-ID:  <19970324080950.WP16275@uriah.heep.sax.de>
In-Reply-To: <199703240519.NAA10729@spinner.DIALix.COM>; from Peter Wemm on Mar 24, 1997 13:19:10 %2B0800
References:  <19970324000800.WG00772@uriah.heep.sax.de> <199703240519.NAA10729@spinner.DIALix.COM>

next in thread | previous in thread | raw e-mail | index | archive | help
As Peter Wemm wrote:

> I mentioned NFS "for example".  Having the entire system writeable by uid 
> bin means that the system can easily be compromised by the "bin" account, 
> as well as root.  From my subjective observations, 99% of system security 
> analysis seems to be focused on protecting root - "bin" seems to get 
> rather little scrutiny.

Since bin has no password (and no shell) on 99.9 % of the systems, you
must be root before you can become bin anyway.  So what?  If the
intruder is root already, assigning all the system binaries to root
wouldn't help.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970324080950.WP16275>