From owner-freebsd-security Fri Jan 26 01:57:40 1996
From: obrien@cs.ucdavis.edu (David E. O'Brien)
Message-Id: <9601260957.AA00572@toadflax.cs.ucdavis.edu>
Subject: Re: Ownership of files/tcp_wrappers port
To: security@freeBsd.org
Date: Fri, 26 Jan 1996 01:57:33 -0800 (PST)
In-Reply-To: <199601260949.JAA11440@cadair.elsevier.co.uk> from "Paul Richards" at Jan 26, 96 09:49:41 am
Sender: owner-security@freeBsd.org

> In reply to David E. O'Brien who said
> >
> > As demonstrated by Nathan Lawson,
> > having system binaries owned by ``bin'' has serious security flaws that
> > would be reduced by having them owned by ``root'', the *real* question is
> > how do we go about _officially_ changing this?
>
> guys, these are NFS problems. If you want to stop people su'ing to bin
> then map bin to nobody as well.

Fine, then let's get this configured as the default. Most sysadmins
don't know to do this.

Why should FreeBSD be that much easier to break into straight from the
box? Aren't the open, easy to exploit holes the ones we hate from other
vendors? Are these the type of things we often feel the other vendors are
being careless and irresponsible about? If we know of an easy to abuse
security related problem, shouldn't we fix it?

Weren't most of the vulnerabilities used by the RTM worm known? Why
didn't those sysadmins replace those programs???
Either they didn't know themselves, or because of the work load, there
were so many other "higher-priority" tasks to work on.

-- 
David (obrien@cs.ucdavis.edu)