Date: Sat, 3 Jul 110 15:28:56 -0700 (PDT)
From: Jim Dennis <jimd@mistery.mcafee.com>
To: fqueries@jraynard.demon.co.uk (James Raynard)
Cc: tcg@ime.net, dwhite@resnet.uoregon.edu, questions@freebsd.org
Subject: Re: src tree owners
Message-ID: <201007032228.PAA24532@mistery.mcafee.com>
In-Reply-To: <199607022008.UAA00658@jraynard.demon.co.uk> from "James Raynard" at Jul 2, 96 08:08:03 pm

>
> > > > On Unix, the `proper` way is for configuration files to be owned by
> > > > root - it's not a good idea to allow just anybody to change them!
> > >
> > > I Agree! My question was/is about the Source tree!
>
> I originally wrote "critical files such as source code or
> configuration files", then changed my mind and deleted the wrong bit.
> Sorry about that :-(
>
> > You might consider simply adding yourself to the 'bin' group
>
> Yep, just edit /etc/group.
>
> > (and setting the SGID bit on the directories). The default
>
> Actually, there's no need to set the SGID bit on the directories, as
> BSD systems automatically pass the group ownership on to any new
> sub-directories created in the current directory - see mkdir(2).
>
> > configuration seems to leave the sources g+w and owned by
> > root.bin.
>
> Something that just occurred to me - doesn't some network backup
> software require a .rhosts file for the user "bin"? If so, doesn't
> this leave the system source code potentially vulnerable?

I agree. I was thinking of going in and chown'ing those to
root.root or chmod'ing them to 600.

>
> > In a multi-user environment you should consider installing
> > tripwire and being particularly careful to monitor it for
> > source tree changes. Anyone who can get a simple change into
> > any source file -- and get 'root' to build it can effectively
> > take control of the entire system. (This is true of the system
> > binaries as well -- but more insidious).
>
> Very true.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201007032228.PAA24532>
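
The source-tree monitoring discussed in this thread, sketched as an added example (not code from the thread and not Tripwire's own implementation): it records a hash, mode and owner for everything under a tree, reports drift against that baseline, and lists entries that someone other than root could modify, such as the g+w root.bin defaults mentioned above. The function names are hypothetical, and the baseline is assumed to be stored somewhere the tree's writers cannot alter.

```python
import hashlib
import os
import stat

def snapshot(root):
    """Map each directory and regular file under root to (sha256, mode, uid, gid)."""
    snap = {}
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            elif stat.S_ISDIR(st.st_mode):
                digest = "directory"  # directories carry only mode and ownership
            else:
                continue  # symlinks, devices and fifos are out of scope here
            snap[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def compare(baseline, current):
    """Return sorted (path, reason) pairs for every difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        elif old[0] != new[0]:
            findings.append((path, "content changed"))
        elif old[1:] != new[1:]:
            findings.append((path, "mode/owner changed"))
    return findings

def loose_permissions(snap, trusted_uid=0):
    """Entries a non-trusted account could alter: group/world-writable or foreign-owned."""
    writable = stat.S_IWGRP | stat.S_IWOTH
    return sorted(path for path, (_d, mode, uid, _g) in snap.items()
                  if mode & writable or uid != trusted_uid)
```

A group-writable directory is reported as well as a group-writable file, since write access to the directory is enough to replace the files inside it.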