From owner-freebsd-security Sat Jan 23 18:19:46 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA21809 for freebsd-security-outgoing; Sat, 23 Jan 1999 18:19:46 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA21801 for ; Sat, 23 Jan 1999 18:19:44 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id VAA03503; Sat, 23 Jan 1999 21:18:24 -0500 (EST)
Date: Sat, 23 Jan 1999 21:18:23 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: The Unicorn
cc: cjclark@home.com, freebsd-security@FreeBSD.ORG
Subject: Re: bin Directory Ownership
In-Reply-To: <19990123132613.A21293@unicorn.quux.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 23 Jan 1999, The Unicorn wrote:

> On Sat, Jan 23, 1999 at 06:01:40AM -0500, Robert Watson wrote:
> >
> > You are correct--there is no security improvement through the use of the
> > bin user. However, it is also the case that (aside from false assumptions
> > about some improvement) security is probably not damaged by having a bin
> > user. I am in the process of some research analyzing the impact of file
> > and directory ownership affecting the UNIX trust model (especially w.r.t.
> > setuid and setgid binaries). I will post the results when I finish up
> > (probably in a month or so). Access to the bin account is very limited;
> > effectively, to acquire a uid bin process capable of modifying the
> > binaries, you would first have to have a uid root process that you had
> > subverted.
>
> This is not always the case. Have a look at the old but still valid
> paper from Wietse and Dan: "admin-guide-to-cracking-101" also known as
> "Improving the Security of Your Site by Breaking Into it". Especially
> the part on the use of rsh and the wildcard in the /etc/hosts.equiv file
> (yeah, I know that allowing the r-commands is a BIG NO-NO ;-).

At least on my system, none of these accounts have valid shells, so r*
should block login (/nonexistent).

  Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
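
Added example, not part of the original message or of FreeBSD: a shell audit of the two conditions this thread turns on, namely whether system accounts such as bin carry a shell the system lists as valid, and whether hosts.equiv contains a bare "+" wildcard. The function names, the uid cutoff of 1000, reading "valid" as "listed in the shells file", and the sample file contents are all assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit copies of passwd, shells and hosts.equiv.
# Function names and the uid cutoff are assumptions, not from the thread.

# Print "name:shell" for every non-root account with uid below max_uid
# (default 1000) whose shell appears in the shells file. An empty shell
# field is treated as /bin/sh, the traditional default.
# usage: system_accounts_with_valid_shell PASSWD SHELLS [MAX_UID]
system_accounts_with_valid_shell() {
    awk -F: -v max="${3:-1000}" '
        FILENAME == ARGV[1] {            # first file: list of valid shells
            if ($0 ~ /^\//) ok[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }          # skip comments and short lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7
            if ($3 + 0 > 0 && $3 + 0 < max + 0 && (shell in ok))
                print $1 ":" shell
        }
    ' "$2" "$1"
}

# Print "lineno: text" for hosts.equiv entries whose host or user field
# is a bare "+", which matches any host or any user.
# usage: hosts_equiv_wildcards HOSTS_EQUIV
hosts_equiv_wildcards() {
    awk '$1 == "+" || $2 == "+" { print FNR ": " $0 }' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample files, not taken from any real system.
    printf '%s\n' '/bin/sh' '/bin/csh' > "$d/shells"
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
        'bin:*:3:7:Binaries Commands and Source:/:/nonexistent' \
        'operator:*:2:5:System &:/:/bin/sh' \
        'games:*:7:13:Games pseudo-user:/usr/games:' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/sh' > "$d/passwd"
    printf '%s\n' 'trusted.example.org' '+' 'db.example.org +' > "$d/hosts.equiv"
    system_accounts_with_valid_shell "$d/passwd" "$d/shells"
    hosts_equiv_wildcards "$d/hosts.equiv"
    rm -rf "$d"
}
demo
```

On the constructed data, bin is not reported because /nonexistent is not a listed shell, while operator and the empty-shell games entry are, and both "+" lines in hosts.equiv are flagged.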