From owner-freebsd-hackers Mon Jan 22 02:37:24 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id CAA28726 for hackers-outgoing; Mon, 22 Jan 1996 02:37:24 -0800 (PST) Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id CAA28721 for ; Mon, 22 Jan 1996 02:37:18 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by Root.COM (8.6.12/8.6.5) with SMTP id CAA14292; Mon, 22 Jan 1996 02:32:42 -0800 Message-Id: <199601221032.CAA14292@Root.COM> X-Authentication-Warning: implode.Root.COM: Host localhost didn't use HELO protocol To: Luigi Rizzo cc: imp@village.org (Warner Losh), hackers@FreeBSD.org, dworkin@rover.village.org Subject: Re: Security (was: Re: Two commands: icat and ils) In-reply-to: Your message of "Mon, 22 Jan 1996 11:03:44 +0100." <199601221003.LAA04703@labinfo.iet.unipi.it> From: David Greenman Reply-To: davidg@Root.COM Date: Mon, 22 Jan 1996 02:32:42 -0800 Sender: owner-hackers@FreeBSD.org Precedence: bulk >Why ? Security must be enforced with proper protections, not by >simply trying to hide information which *is* available. One thing >I never liked in FreeBSD: > > www# ls -l /sbin/init /sbin/shutdown > -r-x------ 1 bin bin 143360 Nov 16 10:49 /sbin/init > -r-sr-x--- 1 root operator 135168 Nov 16 10:49 /sbin/shutdown > >as if denying *read* access to these publicly available files would >prevent anyone from rebuilding them from the sources or getting a >copy from the binary distribution or from the CDROM. That's not the reason they have read permissions removed. It's common for people to have /sbin in their path - to pick up useful utilities which probably shouldn't be in /sbin anyway (like ifconfig and ping, for example), and executing /sbin/init by accident is not a good thing. -DG David Greenman Core Team/Principal Architect, The FreeBSD Project