From owner-freebsd-security@FreeBSD.ORG Sat Jun 23 02:04:51 2012
Date: Fri, 22 Jun 2012 22:04:47 -0400
From: Jason Hellenthal
To: freebsd-security@freebsd.org
Message-ID: <20120623020447.GA64202@DataIX.net>
References: <20120622155928.GA9983@DataIX.net> <201206221715.q5MHFPJW052099@fire.js.berklix.net> <20120622231140.GH8651@netmon.tcworks.net>
In-Reply-To: <20120622231140.GH8651@netmon.tcworks.net>
Subject: Re: / owned by bin causes sshd to complain bad ownership

On Fri, Jun 22, 2012 at 06:11:40PM -0500, Scott Lambert wrote:
> On Fri, Jun 22, 2012 at 07:15:25PM +0200, Julian H. Stacey wrote:
> > Jason Hellenthal wrote:
> > >
> > > On Fri, Jun 22, 2012 at 03:43:47PM +0200, Julian H. Stacey wrote:
> > > > Over use of Root seems Bad.
> > > > Our ownership scheme has degraded compared to early 1980s Unix, where
> > > > most bin & lib files & dirs were owned by bin, except for
> > > > - a few SUID bins that Needed root
> > > > - occasional administrator droppings,
> > > > temporary accidental files that glared at the eyeball,
> > > > as root, cos near all else was just bin.
> > > >
> > > > IMO very little in a system should be user root.
> > > >
> > > > Apologies, but to guide replies :
> > > > (after threads burnt by a troll on another list)
> > > > I'd not appreciate replies just along the lines of
> > > > "It has to be to satisfy existing software".
> > > > I'd much rather receive replies along lines of
> > > > "What would be best ownership scheme, advantages &
> > > > disadvantages + should we change anything ?"
> > > >
> > >
> > > It is not really clear why you would want to change the permissions of
> > > root:wheel of / on any of these.
> >
> > To Increase security.
> > More visual prompting of when junior admins blunder & create
> > junk as root
> > A SUID with bin has less power than a SUID with uid=root
> > Currently every binary in the system is one bit away from the jackpot,
> > SUID root, why not convert most binaries to uid=bin, then most binaries
> > are 2 bits away from jackpot, more safety in event of a blunder too.
> >
> > > root is the owner of the system ... it
> >
> > Only because it currently is, & you're used to it ;-)
> > Remember back a few decades, Think more deeply, Why do you think it
> > _needs_ to be ? Unix didn't use to Want that, it was usually a blunder when
> > it occurred.
> >
> > look at /etc/passwd
> > root: entry has the shell,
> > bin: entry is more limited, just has /sbin/nologin
>
> Would not a 0:0 / (or all system directory entries) help limit the
> damage possible if a junior admin sets suid on a random, possibly
> bogus, bin:bin binary?
>

Let's not forget here that some SUID binaries need root:0 access to the system ... those that are accessing master.passwd for instance. Or those that drop privileges to nobody after using root access. Are you bound and determined as an admin that you will ultimately seek out and set those separate from what you want the system to have? Mandatory Access Controls are much better suited for the problem you are trying to solve rather than changing security principles in an unforgiving manner.

--
- (2^(N-1))
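Added example, not code from the thread or from OpenSSH: a POSIX sh re-implementation of the per-directory rule sshd applies under StrictModes when it reports "bad ownership or modes for directory", the complaint in the Subject. Each directory on the path must be owned by root (uid 0) or by the user and must not be group- or world-writable; walked up to /, a bin-owned / fails the ownership half of that rule. It assumes a BSD- or GNU-style `ls -ldn` and that root is uid 0.

```shell
#!/bin/sh
# Added example (not from the thread): the directory rule behind sshd's
# "bad ownership or modes for directory" message under StrictModes.

# check_dir DIR UID -> 0 if DIR passes, 1 (with a reason on stderr) otherwise.
check_dir() {
    cd_dir=$1; cd_uid=$2
    cd_out=$(ls -ldn "$cd_dir" 2>/dev/null) || return 1
    set -- $cd_out                 # "drwxr-xr-x 2 0 0 ..." (field 3 = numeric owner uid)
    cd_mode=$1; cd_owner=$3
    # Ownership half: root or the user, nothing else (a bin-owned / fails here).
    if [ "$cd_owner" != 0 ] && [ "$cd_owner" != "$cd_uid" ]; then
        echo "bad ownership for directory $cd_dir (owner uid $cd_owner)" >&2
        return 1
    fi
    # Mode half: positions 6 and 9 of the mode string are the group/other
    # write bits, i.e. (st_mode & 022) != 0.
    case $cd_mode in
        ?????w*|????????w*)
            echo "bad modes for directory $cd_dir ($cd_mode)" >&2
            return 1 ;;
    esac
    return 0
}

# secure_path FILE UID [HOMEDIR] -> 0 if every directory above FILE passes.
# Like sshd, the walk stops once HOMEDIR is reached when one is given;
# otherwise it continues up to and including /.
secure_path() {
    sp_dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1   # canonicalise like realpath(3)
    sp_uid=$2; sp_home=${3:-}
    while :; do
        check_dir "$sp_dir" "$sp_uid" || return 1
        [ -n "$sp_home" ] && [ "$sp_dir" = "$sp_home" ] && return 0
        [ "$sp_dir" = / ] && return 0
        sp_dir=$(dirname "$sp_dir")
    done
}
```

Run `secure_path /etc/ssh/authorized_keys/"$USER" "$(id -u)"` with no home directory argument to see the walk reach / and report which component sshd would object to.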