From owner-freebsd-security Sat Jan 23 07:50:12 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA14093 for freebsd-security-outgoing; Sat, 23 Jan 1999 07:50:12 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA14084 for ; Sat, 23 Jan 1999 07:50:10 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.8.8/8.8.8) id KAA05725; Sat, 23 Jan 1999 10:51:27 -0500 (EST) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <199901231551.KAA05725@cc942873-a.ewndsr1.nj.home.com> Subject: Re: bin Directory Ownership In-Reply-To: from Robert Watson at "Jan 23, 99 06:01:40 am" To: robert+freebsd@cyrus.watson.org Date: Sat, 23 Jan 1999 10:51:27 -0500 (EST) Cc: cjclark@home.com, freebsd-security@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Robert Watson wrote, > Access to the bin account is very limited; > effectively, to acquire a uid bin process capable of modifying the > binaries, you would first have to have a uid root process that you had > subverted. I realize that, but the argument goes that if someone /did/ access root, he could give himself long-term access to bin and possibly other administrative users. Since the actions of these other administrative users are not as tightly watched as root (e.g. no syslog message when you su to one), it might be possible to maintain access for a long time (even if the original way he accessed root had been closed). BTW, I am running a 2.2.*, 2.2.7. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message