From owner-freebsd-security Fri Jan 26 05:58:24 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id FAA05919
          for security-outgoing; Fri, 26 Jan 1996 05:58:24 -0800 (PST)
Received: from helix.nih.gov (helix.nih.gov [128.231.2.3])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id FAA05914
          for ; Fri, 26 Jan 1996 05:58:22 -0800 (PST)
Received: (from crtb@localhost)
          by helix.nih.gov (8.6.12/8.6.12) id IAA04922;
          Fri, 26 Jan 1996 08:58:21 -0500
Date: Fri, 26 Jan 1996 08:58:21 -0500
From: Chuck Bacon
Message-Id: <199601261358.IAA04922@helix.nih.gov>
To: Lyndon Nerenberg VE7TCP
Subject: Re: bin owned files
Cc: security@freebsd.org
Sender: owner-security@freebsd.org
Precedence: bulk

> >>>>> "Paul" == Paul Richards
>
> I am having a really tough time wrapping my head around this.
>
> Paul> Getting bin access does not give you root access.
>
> and then
>
> Therefore, the only
> Paul> way to get root access from bin is to replace, say, /bin/sh
> Paul> with a program that creates a suid root sh *when it is run
> Paul> by root*.

This wrangle has been going on for weeks now, and I wonder why
nobody has mentioned chflags(1):

	# chflags -R schg /bin
	# chflags -R schg /sbin
	# chflags -R schg /usr/sbin
	# (protect additional directories too)

Anyone with root access can destroy a system, but this makes it harder.

	Chuck Bacon - crtb@helix.nih.gov
		ABHOR SECRECY - DEFEND PRIVACY
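
An added example, not part of the original message: a small audit that lists anything under the three directories named above that still lacks schg, and reports whether root can clear the flag at the current securelevel. It assumes FreeBSD's stat(1) `-f` format and the `kern.securelevel` sysctl; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical. Assumes FreeBSD stat(1) and sysctl kern.securelevel.

DIRS="/bin /sbin /usr/sbin"   # the directories named in the message

# Read "f=<flags> <path>" lines on stdin and print every path whose
# comma-separated flag list does not contain schg. The "f=" prefix keeps
# the first field non-empty when a file has no flags at all.
missing_schg() {
    while read -r flags path; do
        flags=${flags#f=}
        case ",$flags," in
            *,schg,*) ;;                      # protected
            *) printf '%s\n' "$path" ;;       # report it
        esac
    done
}

# At securelevel 0 or -1 root can still run "chflags noschg"; at 1 or
# higher the kernel refuses to clear the flag until the next reboot.
schg_strength() {
    if [ "$1" -ge 1 ]; then echo enforced; else echo advisory; fi
}

# Walk the live system. Returns 0 if everything carries schg, 1 if not,
# 2 if the securelevel cannot be read.
audit() {
    level=$(sysctl -n kern.securelevel) || return 2
    echo "kern.securelevel=$level: schg is $(schg_strength "$level")"
    # $DIRS is left unquoted on purpose so it splits into three arguments.
    unprotected=$(find $DIRS \( -type f -o -type d \) \
        -exec stat -f 'f=%Sf %N' {} + | missing_schg)
    [ -z "$unprotected" ] && return 0
    printf '%s\n' "$unprotected" | sed 's/^/no schg: /'
    return 1
}

# Run the live audit only when asked to: sh audit.sh run
case "${1:-}" in
    run) audit ;;
esac
```

An "advisory" result means the flag still stops accidental or non-root overwrites, but a root process can remove it first.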