From owner-freebsd-security  Fri Jan 26 01:51:34 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id BAA27421
          for security-outgoing; Fri, 26 Jan 1996 01:51:34 -0800 (PST)
Received: from skiddaw.elsevier.co.uk (skiddaw.elsevier.co.uk [193.131.222.60])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id BAA27415
          for <security@FreeBSD.org>; Fri, 26 Jan 1996 01:51:28 -0800 (PST)
Received: from snowdon.elsevier.co.uk (snowdon.elsevier.co.uk [193.131.197.164]) by skiddaw.elsevier.co.uk (8.6.12/8.6.12) with ESMTP id JAA05491 for <security@FreeBSD.org>; Fri, 26 Jan 1996 09:49:35 GMT
Received: from cadair.elsevier.co.uk (actually host cadair) by snowdon 
          with SMTP (PP); Fri, 26 Jan 1996 09:49:42 +0000
Received: (from dpr@localhost) by cadair.elsevier.co.uk (8.6.12/8.6.12) 
          id JAA11440; Fri, 26 Jan 1996 09:49:43 GMT
From: Paul Richards <p.richards@elsevier.co.uk>
Message-Id: <199601260949.JAA11440@cadair.elsevier.co.uk>
Subject: Re: Ownership of files/tcp_wrappers port
To: obrien@cs.ucdavis.edu (David E. O'Brien)
Date: Fri, 26 Jan 1996 09:49:41 +0000 (GMT)
Cc: security@FreeBSD.org
In-Reply-To: <9601260937.AA00228@toadflax.cs.ucdavis.edu> from "David E. O'Brien" at Jan 26, 96 01:37:32 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@FreeBSD.org
Precedence: bulk

In reply to David E. O'Brien who said
> 
> As demonistrated by Nathan Lawson <nlawson@statler.csc.calpoly.edu>,
> having system binaries owned by ``bin'' has serious security flaws that
> would be reduced by having them owned by ``root'', the *real* question is
> how do we go about _offically_ changing this?
> 

guys, these are NFS problems. If you want to stop people su'ing to bin
then map bin to nobody as well.

-- 
  Paul Richards. Originative Solutions Ltd.
  Internet: paul@netcraft.co.uk, http://www.netcraft.co.uk
  Phone: 0370 462071 (Mobile), +44 1225 447500 (work)