Date: Wed, 16 Oct 1996 04:01:35 +1000 From: Bruce Evans <bde@zeta.org.au> To: bde@zeta.org.au, jgreco@brasil.moneng.mei.com Cc: freebsd-hackers@freebsd.org, j@uriah.heep.sax.de, luigi@labinfo.iet.unipi.it Subject: Re: /sbin/init permission Message-ID: <199610151801.EAA18319@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>> >> -r-x------ 1 bin bin 20480 Oct 2 04:24 /sbin/init >> >> -r-sr-x--- 1 root operator 12288 Oct 2 04:26 /sbin/shutdown >> >> ---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/sperl4.036 >> >> ---s--x--x 2 root bin 286720 Oct 2 04:19 /usr/bin/suidperl >> >> -r-sr-x--- 1 uucp uucp 90112 Oct 2 04:09 /usr/libexec/uucp/uuxqt >> >> -r-x------ 1 bin bin 12288 Oct 2 04:42 /usr/sbin/watch >> >... >> >for suid applications there is a reason for being restrictive. For >> >> I think security by obscurity is the only reason. This doesn't apply >> to free software. > >Respectfully, I do not think that this is true. > >I am in favor of "raising the bar" that potential invaders have to jump >over whenever I can. This includes little things and big things. Well, the above is a curious selection of things with raised bars. What about the other 43 setuid root executables with permissions -r-sr-xr-x or -r-sr-sr-x in /*bin and /usr/*bin? Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610151801.EAA18319>