From owner-freebsd-hackers Mon Jan 22 04:47:38 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id EAA08245 for hackers-outgoing; Mon, 22 Jan 1996 04:47:38 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id EAA08155 for ; Mon, 22 Jan 1996 04:45:57 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id XAA29420; Mon, 22 Jan 1996 23:40:59 +1100
Date: Mon, 22 Jan 1996 23:40:59 +1100
From: Bruce Evans
Message-Id: <199601221240.XAA29420@godzilla.zeta.org.au>
To: davidg@root.com, luigi@labinfo.iet.unipi.it
Subject: Re: Security (was: Re: Two commands: icat and ils)
Cc: dworkin@rover.village.org, hackers@FreeBSD.org, imp@village.org
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

>>Why ? Security must be enforced with proper protections, not by
>>simply trying to hide information which *is* available. One thing
>>I never liked in FreeBSD:
>>
>> www# ls -l /sbin/init /sbin/shutdown
>> -r-x------ 1 bin bin 143360 Nov 16 10:49 /sbin/init
>> -r-sr-x--- 1 root operator 135168 Nov 16 10:49 /sbin/shutdown
>>
>>as if denying *read* access to these publicly available files would
>>prevent anyone from rebuilding them from the sources or getting a
>>copy from the binary distribution or from the CDROM.

I agree. One thing I like about FreeBSD is that it only has 3 binaries
like this (the other one is /usr/sbin/watch). On my ISP's
old-slackware-based Linux system, there are 70 files like this, including
top secret (;-) ones like:

-r-xr-x--- 1 root root 17412 Mar 12 1995 /sbin/mke2fs

This annoyed me when I wanted to grab it to test ext2fs under FreeBSD.

> That's not the reason they have read permissions removed. It's common for
>people to have /sbin in their path - to pick up useful utilities which
>probably shouldn't be in /sbin anyway (like ifconfig and ping, for example),
>and executing /sbin/init by accident is not a good thing.

Erm. It is harmless.

$bde init
bash: /sbin/init: Permission denied
$bde su
#root init
init: already running
#root ^D
$bde shutdown -r now # I'm in group operator, better not do this accidentally
Shutdown NOW!
...
#root cp /sbin/init /tmp; chmod 777 /tmp/init
#root ^D
$bde ktrace -i /tmp/init
init: Operation not permitted
$bde kdump | less
$bde vi /usr/src/sbin/init/init.c
$bde # init bailed out early because getuid() != 0

Bruce