Date: Fri, 22 Jun 2012 11:59:28 -0400
From: Jason Hellenthal
To: "Julian H. Stacey"
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership
Message-ID: <20120622155928.GA9983@DataIX.net>
In-Reply-To: <201206221343.q5MDhmvS045187@fire.js.berklix.net>

On Fri, Jun 22, 2012 at 03:43:47PM +0200, Julian H. Stacey wrote:
> Hi freebsd-security@freebsd.org
> On an 8.3-RELEASE running sshd, /var/log/auth.log
> Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
> bad ownership or modes for directory /
> Until I did
> chown 0:0 /
> ( It was previously
> drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
> )
> The chown is consistent with all of 8.3 /bin also being root & not bin,
>
> BUT
>
> Over use of Root seems Bad.
> Our ownership scheme has degraded compared to early 1980s Unix, where
> most bin & lib files & dirs were owned by bin, except for
> - a few SUID bins that Needed root
> - occasional administrator droppings,
> temporary accidental files that glared at the eyeball,
> as root, cos near all else was just bin.
>
> IMO very little in a system should be user root.
>
> Apologies, but to guide replies :
> (after threads burnt by a troll on another list)
> I'd not appreciate replies just along the lines of
> "It has to be to satisfy existing software".
> I'd much rather receive replies along lines of
> "What would be best ownership scheme, advantages &
> disadvantages + should we change anything ?"
>

What are you currently using this in that is the cause of the problem ?
Is this a jail, physical system, VM ...

It is not really clear why you would want to change the permissions of
root:wheel of / on any of these. root is the owner of the system ... it
is pretty much a standard if not already that root owns everything so I
am not really following why.

openssh in itself... I am glad it does this. If a system has been
compromised by changing owner:group of / then it denies access to the
whole system. This is a security benefit.

Security principles are well laid out and have not changed in a long
time. Veering away from those principles will cause a LOT of
administrative overhead as most software out there can expect a sane
environment if / is root:wheel

-- 
 - (2^(N-1))
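
Added example, not part of the message above and not OpenSSH's source: a simplified model of the ownership-and-mode walk behind "bad ownership or modes for directory /", useful for auditing a host before sshd starts refusing logins. It goes beyond the single case in the thread by reporting every offending path component; the names audit_path and SAMPLE, the account alice and uid 1001 are assumptions made for illustration.

```python
import os
import stat
from typing import Callable, List, Tuple

# path -> (owner uid, st_mode); injectable so the check can run on sample data
StatFn = Callable[[str], Tuple[int, int]]

def real_stat(path: str) -> Tuple[int, int]:
    st = os.stat(path)
    return st.st_uid, st.st_mode

def components(path: str) -> List[str]:
    """The file itself, then each parent directory up to and including /."""
    cur = os.path.abspath(path)
    out = [cur]
    while os.path.dirname(cur) != cur:
        cur = os.path.dirname(cur)
        out.append(cur)
    return out

def audit_path(path: str, user_uid: int, stat_fn: StatFn = real_stat) -> List[str]:
    """One finding per component that is owned by neither root nor user_uid,
    or that is writable by group or other."""
    findings = []
    for comp in components(path):
        uid, mode = stat_fn(comp)
        kind = "directory" if stat.S_ISDIR(mode) else "file"
        if uid not in (0, user_uid):
            findings.append(f"{kind} {comp}: owner uid {uid}")
        elif mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{kind} {comp}: mode {stat.S_IMODE(mode):04o}")
    return findings

# Constructed sample tree (not taken from the poster's host). "/" is owned by
# a non-root system uid (3 here) to mirror the "bin bin" listing in the thread.
SAMPLE = {
    "/": (3, 0o040755),
    "/home": (0, 0o040755),
    "/home/alice": (1001, 0o040755),
    "/home/alice/.ssh": (1001, 0o040700),
    "/home/alice/.ssh/authorized_keys": (1001, 0o100600),
}

if __name__ == "__main__":
    keys = "/home/alice/.ssh/authorized_keys"
    for finding in audit_path(keys, 1001, SAMPLE.__getitem__):
        print(finding)
```

Calling audit_path with only a path and a uid uses os.stat on the live filesystem instead of the sample table.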