Date: Fri, 22 Jun 2012 18:11:40 -0500
From: Scott Lambert
To: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

On Fri, Jun 22, 2012 at 07:15:25PM +0200, Julian H. Stacey wrote:
> Jason Hellenthal wrote:
> >
> > On Fri, Jun 22, 2012 at 03:43:47PM +0200, Julian H. Stacey wrote:
> > > Over use of Root seems Bad.
> > > Our ownership scheme has degraded compared to early 1980s Unix, where
> > > most bin & lib files & dirs were owned by bin, except for
> > > - a few SUID bins that Needed root
> > > - occasional administrator droppings,
> > >   temporary accidental files that glared at the eyeball,
> > >   as root, cos near all else was just bin.
> > >
> > > IMO very little in a system should be user root.
> > >
> > > Apologies, but to guide replies :
> > > (after threads burnt by a troll on another list)
> > > I'd not appreciate replies just along the lines of
> > > "It has to be to satisfy existing software".
> > > I'd much rather receive replies along lines of
> > > "What would be best ownership scheme, advantages &
> > > disadvantages + should we change anything ?"
> > >
> >
> > It is not really clear why you would want to change the permissions of
> > root:wheel of / on any of these.
>
> To Increase security.
> More visual prompting of when junior admins blunder & create
> junk as root
> A SUID with bin has less power than a SUID with uid=root
> Currently every binary in the system is one bit away from the jackpot,
> SUID root, why not convert most binaries to uid=bin, then most binaries
> are 2 bits away from jackpot, more safety in event of a blunder too.
>
> > root is the owner of the system ... it
>
> Only because it currently is, & you're used to it ;-)
> Remember back a few decades, Think more deeply, Why do you think it
> _needs_ to be ? Unix didn't used to Want that, it was usually a blunder when
> it occurred.
>
> look at /etc/passwd
> root: entry has the shell,
> bin: entry is more limited, just has /sbin/nologin

Would not a 0:0 / (or all system directory entries) help limit the damage
possible if a junior admin sets suid on a random, possibly bogus, bin:bin
binary?

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert@lambertfam.org
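
An added example, not part of the original message or thread: a Python audit sketch of the trade-off debated above. A setuid file runs with its owner's effective uid, so the script lists each setuid file under a tree together with the directories that owner could modify. The function names and the directory list are assumptions made for illustration.

```python
import os
import stat

def controls(uid, dir_stat):
    """True if a process with effective uid `uid` can change the directory's entries.
    Simplification: group write access is ignored, since a setuid program
    keeps the caller's group rather than the file's."""
    if uid == 0:                      # root bypasses permission checks
        return True
    if dir_stat.st_uid == uid:        # the owner can always chmod itself write access
        return True
    return bool(dir_stat.st_mode & stat.S_IWOTH)   # world-writable directory

def setuid_exposure(scan_root, system_dirs):
    """For each setuid regular file under scan_root, list the system_dirs
    that the file's owner uid (its effective uid when run) controls."""
    dir_stats = {d: os.stat(d) for d in system_dirs}
    findings = []
    for dirpath, _subdirs, files in os.walk(scan_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)       # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            exposed = [d for d, ds in dir_stats.items() if controls(st.st_uid, ds)]
            findings.append((path, st.st_uid, exposed))
    return findings

if __name__ == "__main__":
    # Directory list is an assumption; adjust it to the host being audited.
    dirs = [d for d in ("/", "/bin", "/sbin", "/usr/bin", "/usr/sbin") if os.path.isdir(d)]
    for path, uid, exposed in setuid_exposure("/usr/bin", dirs):
        print(f"{path}: setuid to uid {uid}, controls {exposed or 'none of the listed dirs'}")
```

With directories owned 0:0, a setuid file owned by a non-root uid such as bin reports no controlled directories; with directories owned by that same uid, every one of them shows up as exposed.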