From owner-freebsd-security  Tue Jun  1 20:32: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP id A3A14151A9
	for <freebsd-security@FreeBSD.ORG>; Tue,  1 Jun 1999 20:32:01 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id UAA86389;
	Tue, 1 Jun 1999 20:31:53 -0700 (PDT)
	(envelope-from dillon)
Date: Tue, 1 Jun 1999 20:31:53 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199906020331.UAA86389@apollo.backplane.com>
To: Andrew Kenneth Milton <akm@mail.theinternet.com.au>
Cc: akm@mail.theinternet.com.au, matt@Mlink.NET, bc@thehub.com.au,
	cain@tasam.com, freebsd-security@FreeBSD.ORG
Subject: Re: Shell Account system
References:  <199906020321.NAA22830@mail.theinternet.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:
:I'd agree that you don't want it suid root, I don't agree that you
:don't want it suid some other non-privelged user.
:
:-- 
:Totally Holistic Enterprises Internet|  P:+61 7 3870 0066   |  Andrew

    If the admin is supposed to be able to do some operation on the 
    server, such as restart it, then having a suid-(server-uid) program
    that does that *ONE* thing and making it group-executable to the set
    of admins allowed to do that *ONE* thing is not going to compromise 
    security any more then giving the admin access to (server-uid) account.
  
    It is appropriate to be wary of suid programs, but not overly paranoid.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message