Date: Thu, 4 Nov 1999 09:23:15 +1100
From: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Examining FBSD set[ug]ids and their use
Message-ID: <99Nov4.091750est.40370@border.alcanet.com.au>
In-Reply-To: <Pine.BSF.3.96.991103122522.35508K-100000@fledge.watson.org>
References: <14367.64514.294218.824898@anarcat.dyndns.org> <Pine.BSF.3.96.991103122522.35508K-100000@fledge.watson.org>
On 1999-Nov-04 04:29:38 +1100, Robert Watson wrote:
>However, I don't like that /usr/bin/uustat is still owned by UUCP, and
...
>Same goes for man -- /usr/bin/man is owned by uid man, so anyone who
>breaks the manpage sandbox can modify it, and abscond with the privileges
>of any user running man.

Another option (at least for us) is to mark them system immutable
(schg). That stops them being modified by their owner (though it is
more a work-around than a real fix).

> Man should really use a gid, not a uid, so that
>the man binary doesn't have to be writable by the sandbox.

In this case, this would be a reasonable change, and I can't see any
immediate problems.

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
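
An audit for the layout discussed in this message, added here as an example and not part of the original e-mail or of FreeBSD: it flags set-uid files owned by a non-root uid and set-gid files that are group-writable, and reports separately those already marked schg. The names classify, scan and SCHG and the default path /usr/bin are assumptions of this example.

```python
import os
import stat
import sys

SCHG = stat.SF_IMMUTABLE  # the "system immutable" file flag (chflags schg)

def classify(mode, uid, flags=0):
    """Classify one file from its st_mode, st_uid and st_flags values."""
    if not stat.S_ISREG(mode):
        return None
    # A set-uid program runs as the file's owner, and an owner can always
    # chmod and rewrite their own file, whatever the write bits say.
    by_owner = bool(mode & stat.S_ISUID) and uid != 0
    # A set-gid program only gains the group, so it can rewrite the file
    # only when the group write bit is set.
    by_group = bool(mode & stat.S_ISGID) and bool(mode & stat.S_IWGRP)
    if not (by_owner or by_group):
        return None
    if flags & SCHG:
        return "schg-workaround"
    return "owner-can-modify" if by_owner else "group-can-modify"

def scan(root):
    """Yield (path, finding) for every flagged file below root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            # st_flags exists on BSD systems; assume 0 where it is absent
            finding = classify(st.st_mode, st.st_uid, getattr(st, "st_flags", 0))
            if finding:
                yield path, finding

if __name__ == "__main__":
    for path, finding in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        print(f"{finding:18} {path}")
```

A set-gid binary owned by root without group write permission, the arrangement suggested for man, produces no finding.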
