From: William McVey
To: James Seng
Cc: security@freebsd.org
Subject: Re: Ownership of files/tcp_wrappers port
Date: Thu, 25 Jan 1996 01:15:57 -0600

James Seng wrote:

> Perhaps I think root has too much power? It seems like a none or all solution.
> In this aspect VMS is better, I guess.

Making a bin owner for system files does not fix this. Root's privileges come from a fundamental design of the operating system. I'm really skeptical that this could be corrected by user-level changes on owners. The simple fact is you aren't taking any privileges away from root by creating the bin account. Root can always become 'bin'; therefore putting your trust in the bin account doesn't keep root from being all powerful.

> In that case, I guess the system admin should wake up a bit *8) Anyone
> who sees bin in that wtmp has got to do something fast...

The point is that wtmp is a detection tool. Once bin has logged in, it's a straight path to root and wtmp is likely to be fixed to remove any indication of wrongdoing. The real solution is to focus on prevention of the problem, not detection. The way to prevent this is to set the owners of critical system files (system binaries included) to be root.

> It is funny that we have access control on telnetd (or is it
> logind?), that is who and who is able to login through telnet, but we have no
> access control on rlogin, rsh etc...hmm...

We have user-level access control on telnet? How? The user isn't defined in starting a telnet session until the network has connected you to login. I think you may be confusing our recent discussions of tcpd, which does host-based access control. But this is available on the rsh suite of tools as well.

>> It hurts security. I still have yet to hear a good reason why bin ownership
>> has even one advantage over root.

> Let's see...because we don't like root to have too many privileges? *8))))))
> (sorry, I couldn't think of a good reason either but I support the idea for
> bin to own binaries..hehe *8)

I assume the smileys indicate massive sarcasm.

-- William
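The check that follows from William's point (critical binaries should be owned by root, and by nobody who can be compromised short of root) is shown here as an added example; it is not part of the thread and not FreeBSD's own code. It is a POSIX sh function that walks a set of directories and reports regular files that are not owned by uid 0, or that are group- or world-writable. The function names and the directory list in the usage comment are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit system binary directories for the ownership weakness
# discussed in the thread. A file in a system path that is not owned by uid 0,
# or that is group/world writable, can be replaced by whoever owns or can
# write it, which is the "straight path to root" the reply describes.
#
# audit_owners DIR...   prints one line per finding: "<reason><TAB><path>"
# The function name and the reason labels are this example's own choices.
audit_owners() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Regular files whose owner is not root (uid 0).
        find "$dir" -type f ! -uid 0 -print 2>/dev/null |
            while IFS= read -r path; do
                printf 'not-root-owned\t%s\n' "$path"
            done
        # Regular files writable by the group (mode bit 020) or by others (002).
        find "$dir" -type f \( -perm -020 -o -perm -002 \) -print 2>/dev/null |
            while IFS= read -r path; do
                printf 'loose-permissions\t%s\n' "$path"
            done
    done
}

# count_findings DIR... : number of findings, usable as a pass/fail signal
# (0 means every file in the given trees is root-owned and not writable by
# group or others).
count_findings() {
    audit_owners "$@" | wc -l | tr -d ' '
}

# Typical use; the directory list is an assumption for a BSD-like layout:
#   audit_owners /bin /sbin /usr/bin /usr/sbin /usr/libexec
#   [ "$(count_findings /bin /sbin /usr/bin /usr/sbin)" -eq 0 ] || echo "ownership drift"
```

Run as root from cron, the non-zero count is a cheap prevention-side control: it flags ownership drift before a non-root account becomes a path to root, rather than waiting for a suspicious entry in wtmp.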