From owner-freebsd-hackers Tue Oct 15 11:07:19 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA24936 for hackers-outgoing; Tue, 15 Oct 1996 11:07:19 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA24913 for ; Tue, 15 Oct 1996 11:06:48 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.7.6/8.6.9) id EAA18319; Wed, 16 Oct 1996 04:01:35 +1000
Date: Wed, 16 Oct 1996 04:01:35 +1000
From: Bruce Evans
Message-Id: <199610151801.EAA18319@godzilla.zeta.org.au>
To: bde@zeta.org.au, jgreco@brasil.moneng.mei.com
Subject: Re: /sbin/init permission
Cc: freebsd-hackers@freebsd.org, j@uriah.heep.sax.de, luigi@labinfo.iet.unipi.it
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>> >> -r-x------ 1 bin bin 20480 Oct 2 04:24 /sbin/init
>> >> -r-sr-x--- 1 root operator 12288 Oct 2 04:26 /sbin/shutdown
>> >> ---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/sperl4.036
>> >> ---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/suidperl
>> >> -r-sr-x--- 1 uucp uucp 90112 Oct 2 04:09 /usr/libexec/uucp/uuxqt
>> >> -r-x------ 1 bin bin 12288 Oct 2 04:42 /usr/sbin/watch
>> >...
>> >for suid applications there is a reason for being restrictive. For
>>
>> I think security by obscurity is the only reason. This doesn't apply
>> to free software.
>
>Respectfully, I do not think that this is true.
>
>I am in favor of "raising the bar" that potential invaders have to jump
>over whenever I can. This includes little things and big things.

Well, the above is a curious selection of things with raised bars. What
about the other 43 setuid root executables with permissions -r-sr-xr-x
or -r-sr-sr-x in /*bin and /usr/*bin?

Bruce
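
An inventory of the kind the closing question implies, as an added example that is not part of the original message: it lists setuid executables owned by one user and splits them by whether the world-execute bit is set. The function names and the directories passed on the command line are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit setuid executables owned by
# OWNER and separate world-executable ones from restricted ones.
# Hard links (like sperl4.036/suidperl in the listing) are counted per name.

# suid_list OWNER open|restricted DIR...
#   open       -> setuid and executable by "other" (-r-sr-xr-x, ---s--x--x)
#   restricted -> setuid but not executable by "other" (-r-sr-x---)
suid_list() {
    owner=$1; mode=$2; shift 2
    case $mode in
        open)       set -- "$@" -perm -4001 ;;
        restricted) set -- "$@" -perm -4000 ! -perm -0001 ;;
        *)          echo "usage: suid_list OWNER open|restricted DIR..." >&2
                    return 2 ;;
    esac
    # -H follows symlinks named on the command line (e.g. /bin -> usr/bin).
    find -H "$@" -type f -user "$owner" 2>/dev/null | sort
}

# suid_count OWNER open|restricted DIR... -> number of matching files
suid_count() {
    suid_list "$@" | wc -l | tr -d ' '
}

# suid_report OWNER DIR... -> both counts, then the restricted files in ls -l form
suid_report() {
    owner=$1; shift
    echo "setuid $owner, world-executable: $(suid_count "$owner" open "$@")"
    echo "setuid $owner, restricted:       $(suid_count "$owner" restricted "$@")"
    suid_list "$owner" restricted "$@" | while IFS= read -r f; do
        ls -ld "$f"
    done
}

# Example invocation: sh suid_audit.sh root /bin /sbin /usr/bin /usr/sbin
if [ "$#" -gt 0 ]; then
    suid_report "$@"
fi
```

A large "world-executable" count next to a handful of restricted files is the inconsistency the message points at; the report makes it visible so the restricted set can be reviewed as a deliberate policy rather than a leftover.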