From owner-freebsd-hackers Sun Nov 15 10:32:43 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA20099 for freebsd-hackers-outgoing; Sun, 15 Nov 1998 10:32:43 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA20094 for ; Sun, 15 Nov 1998 10:32:38 -0800 (PST) (envelope-from andre.albsmeier@mchp.siemens.de)
X-Envelope-Sender-Is: andre.albsmeier@mchp.siemens.de (at relayer david.siemens.de)
Received: from mail.siemens.de (salomon.siemens.de [139.23.33.13]) by david.siemens.de (8.9.1a/8.9.1) with ESMTP id TAA24846 for ; Sun, 15 Nov 1998 19:22:27 +0100 (MET)
Received: from curry.mchp.siemens.de (daemon@curry.mchp.siemens.de [146.180.31.23]) by mail.siemens.de (8.9.1a/8.9.1) with ESMTP id TAA15919 for ; Sun, 15 Nov 1998 19:22:29 +0100 (MET)
Received: (from daemon@localhost) by curry.mchp.siemens.de (8.8.8/8.8.8) id TAA12244 for ; Sun, 15 Nov 1998 19:22:28 +0100 (CET)
Message-ID: <19981115192224.A29686@internal>
Date: Sun, 15 Nov 1998 19:22:24 +0100
From: Andre Albsmeier
To: Matthew Dillon, Andre Albsmeier
Cc: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
References: <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199811151758.JAA15108@apollo.backplane.com>; from Matthew Dillon on Sun, Nov 15, 1998 at 09:58:22AM -0800
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Nov 15, 1998 at 09:58:22AM -0800, Matthew Dillon wrote:
>
> :Hi,
> :
> :while installing xlockmore, I noticed that its mode is 4111 for root.
> :...
> :
> :Wouldn't it be generally a good idea to make the /etc/spwd.db and
> :the /etc/master.passwd file 640 and give them to a newly created
> :
> :root@voyager:~>ll /usr/X11R6/bin/xlock
> :---x--s--x 1 root pw - 126976 Oct 1 08:17 /usr/X11R6/bin/xlock*
> :
> :What do you think? Will it make my systems more insecure with the
> :above stuff or not? If not, wouldn't it make sense to incorporate
> :the changes into FreeBSD? IMHO they break nothing since all programs
> :...
> :
> : -Andre
>
> I think this is an excellent idea. A similar method is used for
> the 'operator' group, to allow the dumper to dump disks without
> giving him write access to them.

OK, and I already thought it might be stupid/insecure/not_working doing
so because it's rather simple and nobody has come up with it before.
But with my paranoia about setuid root stuff, I finally decided to ask
now :-)

> Another thing that would be nice would be to give certain user id's
> the ability to listen on low-numbered sockets without giving the rest
> of the users that ability.
>
> Without going to full-blown capabilities, and adding a sysctl to turn
> it on, I think we could reserve some gid_t values to mean certain
> things. For example, a user in group 0x80000001 would be allowed
> to bind to low-numbered ports. A user in group 0x80000002 would be
> allowed to chown files away in mode 01000 directories (allowing a
> mode 01740 directories to be controlled by a non-root program, but
> accessible by users, aka /var/mail). And so on.
>
> Immediate uses that I can see:
>
> * bind (has a user run mode, but then can't rebind on ifc
> changes)
> * sendmail (currently run under user with special hacks only)
> * popper (run as root)
> * imapd (run as root)

At least with popper (although I use cucipop) I think it's difficult
because I deliver mail to my users' homedirs.

> * xterm (suid root for utmp access)

Yes, this is another candidate. Is the setuid root permission really
only used to access /var/run/utmp?

Let's see what the others say...

 -Andre

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
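The arrangement discussed in the thread (the program setgid to a dedicated group instead of setuid root, and the password database files mode 640 and owned by that group) is easy to get subtly wrong, so here is an added audit script that is not part of the thread; it checks a program and the files it needs against exactly those rules. It assumes POSIX sh, takes the group's numeric gid, and the paths are whatever you pass in (the thread's own case would be xlock, the `pw` group, /etc/master.passwd and /etc/spwd.db).

```shell
#!/bin/sh
# Added example, not from the original thread. Audits the "setgid to a
# private group instead of setuid root" scheme.
# usage: audit_setgid_scheme PROG GID FILE...

# Symbolic mode string; only the first 10 chars, so a trailing ACL or
# security-context marker printed by some ls versions is ignored.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Numeric group owner (fourth field of ls -ldn on both BSD and GNU ls).
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# 0 if the binary carries the setgid bit but NOT the setuid bit: the
# whole point of the scheme is that the program gains one group, not root.
is_setgid_only() {
    [ -g "$1" ] && [ ! -u "$1" ]
}

# 0 if the file grants nothing to "other" (640/600 style) and is owned
# by the expected gid, i.e. only that group can read it.
is_group_private() {
    f=$1; g=$2
    case "$(mode_of "$f")" in
        *---) ;;            # last three chars "---": no world access
        *) return 1 ;;
    esac
    [ "$(gid_of "$f")" = "$g" ]
}

# Full check for one program plus the files it needs group access to.
# Returns 0 only if every condition holds; prints the first failure.
audit_setgid_scheme() {
    prog=$1; grp=$2; shift 2
    is_setgid_only "$prog" || { echo "$prog: not setgid-only (setuid set or setgid missing)"; return 1; }
    [ "$(gid_of "$prog")" = "$grp" ] || { echo "$prog: group owner is not gid $grp"; return 1; }
    for f in "$@"; do
        is_group_private "$f" "$grp" || { echo "$f: world-accessible or wrong group"; return 1; }
    done
    return 0
}
```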