Date:      Mon, 16 Nov 1998 12:40:12 -0700
From:      Nate Williams <nate@mt.sri.com>
To:        Warner Losh <imp@village.org>
Cc:        Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, Matthew Dillon <dillon@apollo.backplane.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure? 
Message-ID:  <199811161940.MAA19331@mt.sri.com>
In-Reply-To: <199811161849.LAA05146@harmony.village.org>
References:  <19981116125909.A28486@internal> <19981116072937.E969@internal> <19981115192224.A29686@internal> <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com> <199811152210.PAA01604@harmony.village.org> <199811160658.XAA01912 <  Your message of "Mon, 16 Nov 1998 12:59:09 %2B0100." <19981116125909.A28486@internal> <199811161849.LAA05146@harmony.village.org>

> : That is exactly my opinion. I think a program should run with the
> : minimum privileges it really needs to and not more.
> 
> I still think that it is a lot of effort for just one or two
> programs.  xlock and xlockmore (basically the same program) are the
> only two programs that I'm aware of that need to access the password
> file and not change the uid of the process.  Where are the rest of the
> half dozen :-)...

The other issue is since they will no longer be setuid(), someone can
crash them and get the passwd file from them to crack later or we'd have
to change all of the 'don't dump core' code to look for setgid(passwd)
stuff.  All of a sudden this 'simple fix' gets to be obnoxious and isn't
buying us a whole lot.

Setuid is *NOT* evil in all cases, you simply must be careful.  The fact
of the matter is *some* programs must have root privileges to do their
job securely and/or at all.




Nate
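
The core-dump concern raised in the message above, seen from the program's side: a process that holds password-file data can zero its own core-size limit before reading it, so it does not depend on the kernel's setuid check. This is an added example, not part of the original message and not FreeBSD or xlock code; all function names are hypothetical.

```c
/* Added example: hypothetical helpers, not taken from FreeBSD or xlock. */
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* True when the effective uid or gid differs from the real one,
 * i.e. the process was started setuid or setgid. */
int runs_with_borrowed_ids(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Zero both the soft and the hard core-size limit so a crash cannot
 * write the process image (and any password hashes in it) to disk.
 * An unprivileged process cannot raise the hard limit again.
 * Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &none);
}

/* Returns 1 if both limits are zero, 0 if not, -1 on error. */
int core_dumps_disabled(void)
{
    struct rlimit cur;
    if (getrlimit(RLIMIT_CORE, &cur) != 0)
        return -1;
    return cur.rlim_cur == 0 && cur.rlim_max == 0;
}

/* Call before the first read of the password database.
 * Fails closed: on error the caller must not read the secrets. */
int prepare_to_read_secrets(void)
{
    if (disable_core_dumps() != 0 || core_dumps_disabled() != 1) {
        perror("RLIMIT_CORE");
        return -1;
    }
    return 0;
}

int main(void)
{
    if (prepare_to_read_secrets() != 0)
        return 1;
    printf("borrowed ids: %d, core dumps disabled: %d\n",
           runs_with_borrowed_ids(), core_dumps_disabled());
    return 0;
}
```

The limit only covers core files written on a crash; it does not stop a debugger from attaching to a process that has no setuid or setgid protection.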
