From: Adrian Chadd
To: "Julian H. Stacey"
Cc: arch@freebsd.org
Date: Fri, 30 Mar 2012 11:57:29 -0700
Subject: Re: Should standard binaries & directories revert from uid=root to bin ?

hi,

because id=0 defaults to being squashed via nfs.

But if you have a filesystem full of uid=bin/gid=bin binaries, a
slightly insecure NFS setup would allow NFS clients to simply set
their uid=bin and change these binaries. :-)

Adrian

On 30 March 2012 08:16, Julian H. Stacey wrote:
> Hi arch@
> Time was, (& I can go back over 25 years here, but more recently too :-)
> When standard Unix non SUID executables such as wc would be UID=bin,
> GID=bin, & not root.  Ditto bin/ & lib/ etc directories.
>
> One advantage was:
>  Anything that showed up with ls -l as UID=0 was either a SUID
>  special, known to the admin's eye, or some administrative dropping,
>  mistakenly created by someone logged in as root, to be reviewed/
>  regenerated/ deleted.
>
> Now all is UID=0.  Why ? What advantage did it bring ?
>
> Obviously some SUID & SGID executables need 0 (some could need just bin!)
> but most files & directories do not need UID 0.
>
> BTW, How I noticed this :
>  I was tracing why
>        /usr/sbin/sshd -d -d -d -D
>  was erroring:
>        debug3: secure_filename: checking '/.amd_mnt/sshd_host/ad4s1/usr1/home'
>        Authentication refused: bad ownership or modes for directory
>                /.amd_mnt/sshd_host/ad4s1/usr1/home
>  just because my ~/.ssh was symbolically linked via AMD+NFS mounted on another
>  host, & there an intermediate directory was owned by bin & not root,
>        ls -la /host/sshd_host/ad4s1/usr1/home
>                drwxr-xr-x  18 bin     bin       512 Mar  6 11:56 ./
>  so I had to
>        chown root:wheel /ad4s1/usr1/home
>  Just to satisfy sshd being pointlessly strict, as directory was 755.
>
> So we have sshd that's pointlessly strict, & ownerships that seem
> to have near all lost their precision. A funny combo ;-)
>
> Might others tackle the generic over use of root ?
> If so I could create a patch to send-pr ssh  ?
> (but as ssh is an import, maybe just report & not [yet?] patch ?)
>
> Cheers,
> Julian
> --
> Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
>  Reply below not above, cumulative like a play script, & indent with ">".
>  Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
>        Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/
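
An added example, not part of either message and not OpenSSH code: a small audit that walks the directories above a key file the way the `secure_filename` debug output in the quoted message suggests, so an admin can list every ancestor that would be refused before sshd does. The rule it applies (owner must be root or the user, no group or world write bit, stop at the home directory or `/`) is an assumption, as are the helper names, the `user` account, and the uids 3 (`bin`) and 1001; the sample tree is constructed.

```python
import os
from collections import namedtuple

Stat = namedtuple("Stat", "st_uid st_mode")

# Constructed sample tree (not real output): uid 3 stands in for "bin",
# uid 1001 for the login user. Only /ad4s1/usr1/home comes from the thread.
SAMPLE = {
    "/": Stat(0, 0o755),
    "/ad4s1": Stat(0, 0o755),
    "/ad4s1/usr1": Stat(0, 0o755),
    "/ad4s1/usr1/home": Stat(3, 0o755),
    "/ad4s1/usr1/home/user": Stat(1001, 0o755),
    "/ad4s1/usr1/home/user/.ssh": Stat(1001, 0o700),
}

def insecure_dirs(path, user_uid, home, stat=os.stat):
    """Audit every directory above `path` (already resolved with realpath).

    Assumed rule: a directory passes only if it is owned by root or by the
    user and is not group- or world-writable. The walk stops once it has
    checked `home` or "/". Unlike sshd, which refuses at the first failure,
    this returns every failing directory as (dir, reason).
    """
    findings = []
    cur = os.path.dirname(path)
    while True:
        st = stat(cur)
        if st.st_uid not in (0, user_uid):
            findings.append((cur, "owner uid %d is neither root nor the user" % st.st_uid))
        elif st.st_mode & 0o022:
            findings.append((cur, "mode %o is group- or world-writable" % (st.st_mode & 0o777)))
        if cur in (home, "/"):
            break
        cur = os.path.dirname(cur)
    return findings

if __name__ == "__main__":
    keys = "/ad4s1/usr1/home/user/.ssh/authorized_keys"
    # The resolved path is not under the passwd home, so the walk runs to "/".
    for d, why in insecure_dirs(keys, 1001, "/home/user", SAMPLE.__getitem__):
        print("bad ownership or modes for directory %s (%s)" % (d, why))
```

On a live system, pass `os.path.realpath()` of the key file and leave `stat` at its default so the real filesystem is checked.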