Date:      Fri, 26 Jan 1996 01:57:33 -0800 (PST)
From:      obrien@cs.ucdavis.edu (David E. O'Brien)
To:        security@freeBsd.org
Subject:   Re: Ownership of files/tcp_wrappers port
Message-ID:  <9601260957.AA00572@toadflax.cs.ucdavis.edu>
In-Reply-To: <199601260949.JAA11440@cadair.elsevier.co.uk> from "Paul Richards" at Jan 26, 96 09:49:41 am

> In reply to David E. O'Brien who said
> > 
> > As demonstrated by Nathan Lawson <nlawson@statler.csc.calpoly.edu>,
> > having system binaries owned by ``bin'' has serious security flaws that
> > would be reduced by having them owned by ``root'', the *real* question is
> > how do we go about _officially_ changing this?
> 
> guys, these are NFS problems. If you want to stop people su'ing to bin
> then map bin to nobody as well.

Fine, then let's get this configured as the default.  Most sysadmins
don't know to do this.  Why should FreeBSD be that much easier to
break into straight from the box?

Aren't the open, easy-to-exploit holes the ones we hate from other
vendors?  Are these the type of things we often feel the other vendors
are being careless and irresponsible about?  If we know of an easy-to-abuse
security-related problem, shouldn't we fix it?  Weren't most of the
vulnerabilities used by the RTM worm known?  Why didn't those sysadmins
replace those programs???  Either they didn't know themselves, or because
of the workload, there were so many other "higher-priority" tasks to
work on.

-- David    (obrien@cs.ucdavis.edu)


