From owner-freebsd-security Sat Jan 23 08:33:21 1999
Message-ID: <36AA27D4.C65CE38@healer.com>
Date: Sat, 23 Jan 1999 11:49:40 -0800
From: Coranth Gryphon
To: cjclark@home.com
CC: freebsd-security@FreeBSD.ORG
Subject: Re: bin Directory Ownership
References: <199901230414.XAA02392@cc942873-a.ewndsr1.nj.home.com>

> Am I being over protective? Is there a problem with my installation?
> Do I need to relax?

Most of the non-'bin' executables are either suid or sgid, and need to
belong to the owner/group that they operate under.

Doing a "chflags schg ..." will prevent them from being easily
modified/hacked and likewise prevent the necessary permissions
from being accidentally changed.

As far as UID 'bin' not being secure, as I understand it, having the
files owned by 'bin' is the same as having them owned by just about
any other non-0 uid. It's the suid/sgid bits that cause potential holes.

-coranth
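An added example, not part of the original message: a small audit that lists the suid/sgid files under a directory together with the owner and group they run as, which is the set of files the reply singles out. The function name `audit_setid` and the default directory are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_setid DIR
# Print one line per setuid/setgid regular file under DIR:
#   KIND MODE OWNER GROUP PATH
# KIND is suid, sgid or suid+sgid. OWNER and GROUP are the identities the
# program runs with, so a wrong owner or group on these files matters far
# more than on an ordinary binary.
audit_setid() {
    dir=${1:-/usr/bin}   # default directory is an assumption for the example
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        # The path is passed through the environment so awk prints it
        # unchanged; the mode string, owner and group come from ls -ld.
        ls -ld "$f" | p=$f awk '{
            kind = ""
            if (substr($1, 4, 1) ~ /[sS]/) kind = "suid"
            if (substr($1, 7, 1) ~ /[sS]/) kind = (kind == "" ? "sgid" : "suid+sgid")
            print kind, $1, $3, $4, ENVIRON["p"]
        }'
    done
}

# Typical use: review the list, then on FreeBSD protect the entries that
# are expected with "chflags schg <file>" as the message suggests
# ("ls -lo" shows which files already carry the flag).
#   audit_setid /usr/bin
```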