Date: Sun, 15 Nov 1998 19:22:24 +0100 From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> To: Matthew Dillon <dillon@apollo.backplane.com>, Andre Albsmeier <andre.albsmeier@mchp.siemens.de> Cc: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <19981115192224.A29686@internal> In-Reply-To: <199811151758.JAA15108@apollo.backplane.com>; from Matthew Dillon on Sun, Nov 15, 1998 at 09:58:22AM -0800 References: <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 15, 1998 at 09:58:22AM -0800, Matthew Dillon wrote: > > :Hi, > : > :while installing xlockmore, I noticed that its mode is 4111 for root. > :... > : > :Wouldn't it be generally a good idea to make the /etc/spwd.db and > :the /etc/master.passwd file 640 and give them to a newly created > : > :root@voyager:~>ll /usr/X11R6/bin/xlock > :---x--s--x 1 root pw - 126976 Oct 1 08:17 /usr/X11R6/bin/xlock* > : > :What do you think? Will it make my systems more insecure with the > :above stuff or not? If not, wouldn't it make sense to incorporate > :the changes into FreeBSD? IMHO they break nothing since all programs > :... > : > : -Andre > > I think this is an excellent idea. A similar method is used for > the 'operator' group, to allow the dumper to dump disks without > giving him write access to them. OK, and I already thought it might be stupid/insecure/not_working doing so because it's rather simple and nobody has come up with it before. But with my paranoia about setuid root stuff, I finally decided to ask now :-) > Another thing that would be nice would be to give certain user id's > the ability to listen on low-numbered sockets without giving the rest > of the users that ability. > > Without going to full-blown capabilities, and adding a sysctl to turn > it on, I think we could reserve some gid_t values to mean certain > things. For example, a user in group 0x80000001 would be allowed > to bind to low-numbered ports. A user in group 0x80000002 would be > allowed to chown files away in mode 01000 directories (allowing a > mode 01740 directories to be controlled by a non-root program, but > accessible by users, aka /var/mail). And so on. > > Immediate uses that I can see: > > * bind (has a user run mode, but then can't rebind on ifc > changes) > * sendmail (currently run under user with special hacks only) > * popper (run as root) > * imapd (run as root) At least with popper (although I use cucipop) I think its difficult because I deliver mail to my users homedirs. > * xterm (suid root for utmp access) Yes, this is another candidate. Is the setuid root permission really only used to access /var/run/utmp? Let's see what the others say... -Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981115192224.A29686>