Date: Fri, 26 Jan 1996 08:58:21 -0500
From: Chuck Bacon <crtb@helix.nih.gov>
To: Lyndon Nerenberg VE7TCP <lyndon@orthanc.com>
Cc: security@freebsd.org
Subject: Re: bin owned files
Message-ID: <199601261358.IAA04922@helix.nih.gov>

> >>>>> "Paul" == Paul Richards <p.richards@elsevier.co.uk>
>
> I am having a really tough time wrapping my head around this.
>
> Paul> Getting bin access does not give you root access.
>
> and then
>
> Therefore, the only
> Paul> way to get root access from bin is to replace, say, /bin/sh
> Paul> with a program that creates a suid root sh *when it is run
> Paul> by root*.

This wrangle has been going on for weeks now, and I wonder
why nobody has mentioned chflags(1):

	# chflags -R schg /bin
	# chflags -R schg /sbin
	# chflags -R schg /usr/sbin
	# (protect additional directories too)

Anyone with root access can destroy a system, but this makes it harder.

	Chuck Bacon - crtb@helix.nih.gov
		ABHOR SECRECY - DEFEND PRIVACY
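
Added example, not part of the original message: a shell check that lists which entries in a protected directory still lack the schg flag, and whether kern.securelevel is at least 1, the level at which a running FreeBSD kernel refuses to clear schg even for root. The function names and the sample listing are constructed for illustration; file names are assumed to contain no spaces.

```shell
#!/bin/sh
# Audit schg coverage from FreeBSD `ls -lo` output.
# In that format field 5 is the file-flag list ("-" when no flag is set)
# and field 10 is the file name.

# missing_schg: read `ls -lo` lines on stdin and print the name of every
# entry whose flag list does not contain schg.
missing_schg() {
    awk '
        NF < 10 { next }            # skip "total N", "/dir:" headers, blanks
        {
            n = split($5, flags, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == "schg") found = 1
            if (!found) print $10   # $10, so a symlink reports its own name
        }'
}

# flags_enforced: succeed only if the given kern.securelevel value is >= 1.
# Below that, root can remove schg with chflags and then replace the file.
flags_enforced() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# Constructed sample of `ls -lo /bin` output (not taken from a real host).
# uchg is the owner-settable immutable flag; it does not count as schg.
SAMPLE='total 4
-r-xr-xr-x  1 root  wheel  schg         11264 Jan 26 08:58 cat
-r-xr-xr-x  1 bin   bin    -            24576 Jan 26 08:58 ls
-r-xr-xr-x  1 root  wheel  schg,nodump  98304 Jan 26 08:58 sh
-r-xr-xr-x  1 bin   bin    uchg         16384 Jan 26 08:58 test'

# Demo on the sample. On a live system:
#   ls -lo /bin /sbin /usr/sbin | missing_schg
#   flags_enforced "$(sysctl -n kern.securelevel)"
printf '%s\n' "$SAMPLE" | missing_schg
flags_enforced 0 || echo "securelevel < 1: root can still clear schg"
```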