From owner-freebsd-security  Sat Apr  1 10:51:39 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA23867 for security-outgoing; Sat, 1 Apr 1995 10:51:39 -0800
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA23860 for <security@freebsd.org>; Sat, 1 Apr 1995 10:51:34 -0800
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id KAA15088 for <security@freebsd.org>; Sat, 1 Apr 1995 10:50:47 -0800
Message-Id: <199504011850.KAA15088@precipice.shockwave.com>
To: security@FreeBSD.org
Subject: root owning everything
Date: Sat, 01 Apr 1995 10:50:37 -0800
From: Paul Traina <pst@Shockwave.COM>
Sender: security-owner@FreeBSD.org
Precedence: bulk

Except for setuid files, the majority of files in / and /usr should be owned
by root, not bin,  so that I can't nfsmount a volume read-write and su to
bin and have a party.

An alternative would be to map uid bin to nobody the same way root is done.

Feelings?