From owner-freebsd-hackers Mon Jan 22 04:21:22 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id EAA06703 for hackers-outgoing; Mon, 22 Jan 1996 04:21:22 -0800 (PST)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id EAA06520 for ; Mon, 22 Jan 1996 04:19:57 -0800 (PST)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id NAA05095; Mon, 22 Jan 1996 13:16:16 +0100
From: Luigi Rizzo
Message-Id: <199601221216.NAA05095@labinfo.iet.unipi.it>
Subject: Re: Security (was: Re: Two commands: icat and ils)
To: mpp@mpp.minn.net (Mike Pritchard)
Date: Mon, 22 Jan 1996 13:16:15 +0100 (MET)
Cc: davidg@Root.COM, imp@village.org, hackers@freebsd.org, dworkin@rover.village.org
In-Reply-To: <199601221142.FAA18087@mpp.minn.net> from "Mike Pritchard" at Jan 22, 96 05:42:32 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
Precedence: bulk

> Luigi Rizzo wrote:
> >
> > > That's not the reason they have read permissions removed. It's common for
> > > people to have /sbin in their path - to pick up useful utilities which
> > > probably shouldn't be in /sbin anyway (like ifconfig and ping, for example),
> > > and executing /sbin/init by accident is not a good thing.
> >
> > Two objections:
> >
> > 1) just make /sbin/init mode 544 then. Actually, shouldn't it work
> >    even if it has mode 444 ?
> > 2) would it be that hard to fix init so as to quit if it's not
> >    appropriate for it to run (e.g. check process id, another instance
> >    running, etc.) ? I am asking because I don't know what the
> >    implications are, but if the consequences are so bad...
>
> Actually, init already does this. Here are the first few
> lines of code from init.c:
>
>     /* Dispose of random users. */
>     if (getuid() != 0) {
>         (void)fprintf(stderr, "init: %s\n", strerror(EPERM));
>         exit (1);
>     }
>
>     /* System V users like to reexec init. */
>     if (getpid() != 1) {
>         (void)fprintf(stderr, "init: already running\n");
>         exit (1);
>     }

so it seems that there is really no point in keeping the current
protection modes.

	Luigi
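The self-check discussed above, written out as an added example that is not code from init.c or the FreeBSD tree: init_guard() is a hypothetical helper that mirrors the two quoted tests as a testable function, and acquire_instance_lock() (also hypothetical, lock-file path chosen by the caller) goes one step beyond the thread to cover the "another instance running" case for privileged daemons that are not pid 1.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Outcome of the startup self-check: the two tests quoted from init.c. */
enum guard { GUARD_OK = 0, GUARD_NOT_ROOT, GUARD_NOT_PID1 };

/* The decision logic takes uid and pid as parameters (hypothetical helper,
 * not init's own code) so it can be exercised without running as root. */
enum guard init_guard(uid_t uid, pid_t pid)
{
    if (uid != 0)     /* "Dispose of random users." */
        return GUARD_NOT_ROOT;
    if (pid != 1)     /* "System V users like to reexec init." */
        return GUARD_NOT_PID1;
    return GUARD_OK;
}

/* Single-instance guard for daemons that are not pid 1: take an exclusive,
 * non-blocking flock() on a lock file. The lock is tied to the open file
 * description, so the kernel drops it when the holder exits or crashes and
 * a stale lock file cannot wedge the service. Returns the fd to keep open
 * for the process lifetime, or -1 with errno set (EWOULDBLOCK means
 * another instance already holds the lock). */
int acquire_instance_lock(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) {
        int saved = errno;   /* close() may clobber errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    enum guard g = init_guard(getuid(), getpid());
    if (g == GUARD_NOT_ROOT) { fprintf(stderr, "guard: %s\n", strerror(EPERM)); return 1; }
    if (g == GUARD_NOT_PID1) { fprintf(stderr, "guard: already running\n"); return 1; }
    return 0;
}
```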