From owner-freebsd-hackers Mon Jan 22 03:11:08 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id DAA00273 for hackers-outgoing; Mon, 22 Jan 1996 03:11:08 -0800 (PST)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id DAA00265 for ; Mon, 22 Jan 1996 03:11:01 -0800 (PST)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id MAA04840; Mon, 22 Jan 1996 12:02:50 +0100
From: Luigi Rizzo
Message-Id: <199601221102.MAA04840@labinfo.iet.unipi.it>
Subject: Re: Security (was: Re: Two commands: icat and ils)
To: davidg@Root.COM
Date: Mon, 22 Jan 1996 12:02:50 +0100 (MET)
Cc: imp@village.org, hackers@FreeBSD.org, dworkin@rover.village.org
In-Reply-To: <199601221032.CAA14292@Root.COM> from "David Greenman" at Jan 22, 96 02:32:23 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

> >Why? Security must be enforced with proper protections, not by
> >simply trying to hide information which *is* available. One thing
> >I never liked in FreeBSD:
> >
> > www# ls -l /sbin/init /sbin/shutdown
> > -r-x------ 1 bin bin 143360 Nov 16 10:49 /sbin/init
> > -r-sr-x--- 1 root operator 135168 Nov 16 10:49 /sbin/shutdown
> >
> >as if denying *read* access to these publicly available files would
> >prevent anyone from rebuilding them from the sources or getting a
> >copy from the binary distribution or from the CDROM.
>
> That's not the reason they have read permissions removed. It's common for
> people to have /sbin in their path - to pick up useful utilities which
> probably shouldn't be in /sbin anyway (like ifconfig and ping, for example),
> and executing /sbin/init by accident is not a good thing.

Two objections:

1) just make /sbin/init mode 544 then. Actually, shouldn't it work even if it has mode 444?
2) would it be that hard to fix init so as to quit if it's not appropriate for it to run (e.g. check process id, another instance running, etc.)? I am asking because I don't know what the implications are, but if the consequences are so bad...

You may wonder why I would like to have this changed: it is useful for those settings where you have diskless systems with an NFS-mounted root partition.

Luigi

====================================================================
Luigi Rizzo                          Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it            Universita' di Pisa
tel: +39-50-568533                   via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522                   http://www.iet.unipi.it/~luigi/
====================================================================
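The two objections above, worked through as an added example that is not code from the thread or from FreeBSD's init: a model of the classic UNIX mode-bit check (which also shows why a file with no execute bit at all cannot be run, even by root) and a pure, testable guard of the kind objection 2 asks for, refusing to act as init unless the process is PID 1 running as root. The uid/gid values, mode bits and function names are constructed for the example.

```c
/* Added example, not from the original thread or from any init.c. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic UNIX discretionary check: pick the owner, group or other triplet
 * (first class that matches, no fallback) and test the requested bit
 * (R_OK, W_OK or X_OK). Root bypasses read/write, but execute still needs
 * at least one execute bit somewhere in the mode. */
bool mode_permits(mode_t mode, uid_t fuid, gid_t fgid,
                  uid_t uid, gid_t gid, int want)
{
    unsigned shift = (uid == fuid) ? 6 : (gid == fgid) ? 3 : 0;
    unsigned bit   = (want == R_OK) ? 4 : (want == W_OK) ? 2 : 1;
    if (uid == 0)
        return want != X_OK || (mode & 0111) != 0;
    return ((mode >> shift) & bit) != 0;
}

/* Objection 2: an "init" started by accident (a user with /sbin in PATH)
 * should exit instead of acting as the system init. Kept as a pure
 * function of pid and euid so the policy can be tested without being PID 1. */
enum init_verdict { INIT_OK, INIT_NOT_ROOT, INIT_NOT_PID1 };

enum init_verdict init_may_run(pid_t pid, uid_t euid)
{
    if (euid != 0)
        return INIT_NOT_ROOT;
    if (pid != 1)
        return INIT_NOT_PID1;
    return INIT_OK;
}

int main(void)
{
    /* Constructed ids: file owned by bin (uid 3, gid 7), ordinary user 1000. */
    printf("0500, uid 1000, read: %d\n", mode_permits(0500, 3, 7, 1000, 1000, R_OK));
    printf("0544, uid 1000, read: %d\n", mode_permits(0544, 3, 7, 1000, 1000, R_OK));
    printf("0544, uid 1000, exec: %d\n", mode_permits(0544, 3, 7, 1000, 1000, X_OK));
    printf("0444, root,     exec: %d\n", mode_permits(0444, 3, 7, 0, 0, X_OK));
    if (init_may_run(getpid(), geteuid()) != INIT_OK) {
        fprintf(stderr, "init: not process 1 running as root, exiting\n");
        return 1;
    }
    return 0; /* real init work would start here */
}
```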