From owner-freebsd-hackers Mon Jan 22 02:09:12 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id CAA26571
          for hackers-outgoing; Mon, 22 Jan 1996 02:09:12 -0800 (PST)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id CAA26555
          for ; Mon, 22 Jan 1996 02:08:52 -0800 (PST)
Received: from localhost (luigi@localhost)
          by labinfo.iet.unipi.it (8.6.5/8.6.5) id LAA04703;
          Mon, 22 Jan 1996 11:03:44 +0100
From: Luigi Rizzo
Message-Id: <199601221003.LAA04703@labinfo.iet.unipi.it>
Subject: Security (was: Re: Two commands: icat and ils)
To: imp@village.org (Warner Losh)
Date: Mon, 22 Jan 1996 11:03:44 +0100 (MET)
Cc: hackers@FreeBSD.org, dworkin@rover.village.org
In-Reply-To: <199601220848.BAA28985@rover.village.org> from "Warner Losh" at Jan 22, 96 01:48:08 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

> I have two commands that I've hacked together:
> icat: Will list a file given its inode
> ils: Will try all the inodes it can find and list all the

I would like to have them.

> modestly and send them in? They are, of course, the worlds largest
> assault tanks in the battle of security, but they have come in *DAMN*

Why? Security must be enforced with proper protections, not by simply
trying to hide information which *is* available.

One thing I never liked in FreeBSD:

    www# ls -l /sbin/init /sbin/shutdown
    -r-x------  1 bin   bin       143360 Nov 16 10:49 /sbin/init
    -r-sr-x---  1 root  operator  135168 Nov 16 10:49 /sbin/shutdown

as if denying *read* access to these publicly available files would
prevent anyone from rebuilding them from the sources or getting a copy
from the binary distribution or from the CDROM.

Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522              http://www.iet.unipi.it/~luigi/
====================================================================