Date: Fri, 22 Jun 2012 14:12:12 -0400
From: Garance A Drosehn
To: "Julian H. Stacey"
Cc: freebsd-security@FreeBSD.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

On 6/22/12 1:15 PM, Julian H. Stacey wrote:
> Jason Hellenthal wrote:
>
>> It is not really clear why you would want to change the permissions of
>> root:wheel of / on any of these.
>>
> To Increase security.
>     More visual prompting of when junior admins blunder & create
>     junk as root
>     A SUID with bin has less power than a SUID with uid=root
> Currently every binary in the system is one bit away from the jackpot,
> SUID root, why not convert most binaries to uid=bin, then most binaries
> are 2 bits away from jackpot, more safety in event of a blunder too.
>

SUID binaries are one issue. The directory '/' is not a SUID binary.
The issue for sshd is ownership of the directory '/'.

>> root is the owner of the system ... it
>>
> Only because it currently is, & you're used to it ;-)
> Remember back a few decades, Think more deeply, Why do you think it
> _needs_ to be ? Unix didn't used to Want that, it was usually a
> blunder when it occurred.
>
> look at /etc/passwd
>     root: entry has the shell,
>     bin: entry is more limited, just has /sbin/nologin
>
> The question is WHY did FreeBSD switch to promote everything to root ?
> That it did so Way back proves nothing,
> Cos further back Unix was bin.
>

At one time I read that having directories/files owned by root was a
security benefit when considering the -maproot= for NFS exports. All
unix systems recognize UID=0 means root, and there is no other UID
which all unix systems agree on.

Disclaimer: I rarely use NFS, so I don't really pay attention to the
details. I may have the wrong idea for what the advantage is, but it
was some kind of connection with UID=0 and NFS exports or imports.

I don't think you have shown any benefit by having directories owned
by bin instead of root. I think the check in sshd is fine as it is.

-- 
Garance Alistair Drosehn           =    gad@gilead.netel.rpi.edu
Senior Systems Programmer          or   gad@freebsd.org
Rensselaer Polytechnic Institute   or   drosih@rpi.edu
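
An added example, not part of the original message and not OpenSSH code: an audit that walks every directory from a user's `.ssh` up to '/' and reports the ones an ownership check of the kind discussed in this thread would reject. The rule applied (owner must be uid 0 or the user, no group/other write bit) is an assumption about the check's shape; `audit_dir_chain`, `FakeStat`, `SAMPLE_TREE` and the uid values are hypothetical names and constructed data.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result, so the demo touches no real files.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")

def audit_dir_chain(path, user_uid, stat_fn=os.stat):
    """Walk from `path` up to '/' and return (directory, reason) for each
    component not owned by uid 0 or `user_uid`, or writable by group/other."""
    findings = []
    current = os.path.abspath(path)
    while True:
        try:
            st = stat_fn(current)
        except OSError as exc:
            findings.append((current, "stat failed: %s" % exc.strerror))
        else:
            if not stat.S_ISDIR(st.st_mode):
                findings.append((current, "not a directory"))
            if st.st_uid not in (0, user_uid):
                findings.append((current, "owner uid %d is neither root nor the user" % st.st_uid))
            if st.st_mode & 0o022:
                findings.append((current, "group/other-writable, mode %04o" % stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(current)
        if parent == current:  # dirname('/') == '/': top of the tree reached
            return findings
        current = parent

# Constructed sample tree: '/' owned by a non-root system account (uid 3 is an
# assumed value standing in for "bin"), everything below it set up sanely.
SAMPLE_TREE = {
    "/": FakeStat(3, stat.S_IFDIR | 0o755),
    "/home": FakeStat(0, stat.S_IFDIR | 0o755),
    "/home/alice": FakeStat(1001, stat.S_IFDIR | 0o750),
    "/home/alice/.ssh": FakeStat(1001, stat.S_IFDIR | 0o700),
}

def audit_sample(tree=SAMPLE_TREE):
    # Run the audit against the constructed tree instead of the live filesystem.
    return audit_dir_chain("/home/alice/.ssh", 1001, stat_fn=tree.__getitem__)

if __name__ == "__main__":
    for directory, reason in audit_sample():
        print("%s: %s" % (directory, reason))
    # On a live host: audit_dir_chain(os.path.expanduser("~/.ssh"), os.getuid())
```
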