From owner-freebsd-hackers  Tue Oct 15 10:18:31 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA21549
          for hackers-outgoing; Tue, 15 Oct 1996 10:18:31 -0700 (PDT)
Received: from mole.mole.org (marmot.mole.org [204.216.57.191])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA21543
          for <freebsd-hackers@FreeBSD.org>; Tue, 15 Oct 1996 10:18:27 -0700 (PDT)
Received: (from mail@localhost) by mole.mole.org (8.6.12/8.6.12) id QAA27516; Tue, 15 Oct 1996 16:56:14 GMT
Received: from meerkat.mole.org(206.197.192.110) by mole.mole.org via smap (V1.3)
	id sma027513; Tue Oct 15 16:55:53 1996
Received: (from mrm@localhost) by meerkat.mole.org (8.6.11/8.6.9) id JAA22817; Tue, 15 Oct 1996 09:55:08 -0700
Date: Tue, 15 Oct 1996 09:55:08 -0700
From: "M.R.Murphy" <mrm@Mole.ORG>
Message-Id: <199610151655.JAA22817@meerkat.mole.org>
To: bde@zeta.org.au, luigi@labinfo.iet.unipi.it
Subject: Re: /sbin/init permission
Cc: freebsd-hackers@FreeBSD.org, j@uriah.heep.sax.de
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> >> Complete set of standard executables with annoying permissions in
> >> -current:
> >> 
> >> -r-x------  1 bin   bin        20480 Oct  2 04:24 /sbin/init
> >> -r-sr-x---  1 root  operator   12288 Oct  2 04:26 /sbin/shutdown
> >> ---s--x--x  2 root  bin       286720 Oct  2 04:19 /usr/bin/sperl4.036
> >> ---s--x--x  2 root  bin       286720 Oct  2 04:19 /usr/bin/suidperl
> >> -r-sr-x---  1 uucp  uucp       90112 Oct  2 04:09 /usr/libexec/uucp/uuxqt
> >> -r-x------  1 bin   bin        12288 Oct  2 04:42 /usr/sbin/watch
> >...
> >for suid applications there is a reason for being restrictive. For
>
> I think security by obscurity is the only reason.  This doesn't apply
> to free software.

I'd mention that this is argument by assertion and a misuse of "free"
in "free software", but that would be pedantic and a cheap shot :-)

If I feel like setting /usr/sbin/watch 0110 root.sys, that's my
concern. If I felt strongly about it, I could have a script that
does the deed to all the files I care about. Even though I don't
have to have an 0111 /bin/cat to comply with my Western Electric
license (ultra-scrupulous, I'll admit), there's no reason not to
do so if I feel like it.

I'm suggesting that the status quo isn't too bad. Let those who
care, fix.

--
Mike Murphy  mrm@Mole.ORG  +1 619 598 5874
Better is the enemy of Good