Date: Sun, 15 Nov 1998 16:15:48 +0100 From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> To: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Would this make FreeBSD more secure? Message-ID: <19981115161548.A23869@internal>
next in thread | raw e-mail | index | archive | help
Hi, while installing xlockmore, I noticed that its mode is 4111 for root. I think this is because it has to access the encrypted user passwords. Wouldn't it be generally a good idea to make the /etc/spwd.db and the /etc/master.passwd file 640 and give them to a newly created group? Then programs like xlockmore could be made setgid newgroup instead of setuid root which always makes me a little nervous. For example: root@voyager:~>ll /etc/spwd.db /etc/master.passwd -rw-r----- 1 root pw - 828 Nov 15 12:43 /etc/master.passwd -rw-r----- 1 root pw - 40960 Nov 15 12:43 /etc/spwd.db root@voyager:~>ll /usr/X11R6/bin/xlock ---x--s--x 1 root pw - 126976 Oct 1 08:17 /usr/X11R6/bin/xlock* What do you think? Will it make my systems more insecure with the above stuff or not? If not, wouldn't it make sense to incorporate the changes into FreeBSD? IMHO they break nothing since all programs can continue to access /etc/spwd.db and /etc/master.passwd in the old way but the new method would be possible as well. Thanks a lot, -Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981115161548.A23869>